Lucene search

MitreCVE-2006-5186

HistoryOct 10, 2006 - 4:06 a.m.

CVE-2006-5186

2006-10-1004:06:00

mitre

web.nvd.nist.gov

cve-2006-5186

php

remote file inclusion

functions.php

phpmyprofiler

security vulnerability

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.167

Percentile

96.1%

JSON

PHP remote file inclusion vulnerability in functions.php in phpMyProfiler 0.9.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter.

Affected configurations

Nvd

Node

phpmyprofilerphpmyprofilerRange≤0.9.6

VendorProductVersionCPE
phpmyprofilerphpmyprofiler*cpe:2.3:a:phpmyprofiler:phpmyprofiler:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyprofiler	phpmyprofiler	*	cpe:2.3:a:phpmyprofiler:phpmyprofiler::::::::

References

forum.phpmyprofiler.de/viewtopic.php?p=2745#2745

secunia.com/advisories/22144

securityreason.com/securityalert/1696

securitytracker.com/id?1016980

www.phpmyprofiler.de/index.php?page=2

www.securityfocus.com/archive/1/447646/100/0/threaded

www.securityfocus.com/bid/20324

www.vupen.com/english/advisories/2006/3896

exchange.xforce.ibmcloud.com/vulnerabilities/29335

www.exploit-db.com/exploits/2470

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.167

Percentile

96.1%

JSON

Related for CVE-2006-5186