Lucene search

MitreCVE-2006-5105

HistoryOct 03, 2006 - 4:03 a.m.

CVE-2006-5105

2006-10-0304:03:00

mitre

web.nvd.nist.gov

cve-2006-5105

syntaxcms

remote file inclusion

php

vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.092

Percentile

94.7%

JSON

Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 through 1.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the init_path parameter to admin/testing/tests/0030_init_syntax.php, or (2) an unspecified parameter to admin/testing/index.php. NOTE: the 0004_init_urls.php vector is already covered by CVE-2006-5055.

Affected configurations

Nvd

Node

forum_onesyntaxcmsMatch1.1.1

forum_onesyntaxcmsMatch1.2.1

forum_onesyntaxcmsMatch1.3

VendorProductVersionCPE
forum_onesyntaxcms1.1.1cpe:2.3:a:forum_one:syntaxcms:1.1.1:*:*:*:*:*:*:*
forum_onesyntaxcms1.2.1cpe:2.3:a:forum_one:syntaxcms:1.2.1:*:*:*:*:*:*:*
forum_onesyntaxcms1.3cpe:2.3:a:forum_one:syntaxcms:1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
forum_one	syntaxcms	1.1.1	cpe:2.3:a:forum_one:syntaxcms:1.1.1:::::::*
forum_one	syntaxcms	1.2.1	cpe:2.3:a:forum_one:syntaxcms:1.2.1:::::::*
forum_one	syntaxcms	1.3	cpe:2.3:a:forum_one:syntaxcms:1.3:::::::*

References

secunia.com/advisories/22067

www.syntaxcms.org/content/article/detail/513

exchange.xforce.ibmcloud.com/vulnerabilities/29122

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.092

Percentile

94.7%

JSON

Related for CVE-2006-5105