Lucene search

[email protected]CVE-2006-4837

HistorySep 15, 2006 - 10:07 p.m.

CVE-2006-4837

2006-09-1522:07:00

[email protected]

web.nvd.nist.gov

cve

2006

4837

php

remote file inclusion

dcp-portal se 6.0

security vulnerability

full path disclosure

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON

Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.

Affected configurations

NVD

Node

codeworx_technologiesdcp-portalMatchse_6.0

CPENameOperatorVersion
codeworx_technologies:dcp-portalcodeworx technologies dcp-portaleqse_6.0

CPE	Name	Operator	Version
codeworx_technologies:dcp-portal	codeworx technologies dcp-portal	eq	se_6.0

References

securityreason.com/securityalert/1585

www.securityfocus.com/archive/1/437510/100/200/threaded

www.securityfocus.com/archive/1/445996/100/0/threaded

www.securityfocus.com/bid/20024

www.exploit-db.com/exploits/1905

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON

Related for CVE-2006-4837

cvelist1 nvd1