Lucene search

[email protected]CVE-2006-5282

HistoryOct 13, 2006 - 7:07 p.m.

CVE-2006-5282

2006-10-1319:07:00

[email protected]

web.nvd.nist.gov

cve

2006

5282

php

remote file inclusion

sh-news

vulnerabilities

execute

arbitrary code

url

scriptpath

report.php

archive.php

comments.php

init.php

news.php

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.1 Low

EPSS

Percentile

95.0%

JSON

Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to (1) report.php, (2) archive.php, (3) comments.php, (4) init.php, or (5) news.php.

Affected configurations

NVD

Node

sh-newssh-newsRange≤3.1

CPENameOperatorVersion
sh-news:sh-newssh-newsle3.1

CPE	Name	Operator	Version
sh-news:sh-news	sh-news	le	3.1

References

secunia.com/advisories/22316

www.securityfocus.com/archive/1/471413/100/0/threaded

www.securityfocus.com/bid/20478

www.vupen.com/english/advisories/2006/4014

exchange.xforce.ibmcloud.com/vulnerabilities/29477

www.exploit-db.com/exploits/2518

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.1 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2006-5282

nvd1 cvelist1