Lucene search

MitreCVE-2006-6732

HistoryDec 26, 2006 - 11:28 p.m.

CVE-2006-6732

2006-12-2623:28:00

CWE-94

mitre

web.nvd.nist.gov

cve-2006-6732

php

remote file inclusion

cwmvote 1.0

arbitrary code execution

url

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.051

Percentile

93.0%

JSON

PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter.

Affected configurations

Nvd

Node

cwm-designcwmvoteMatch1.0

VendorProductVersionCPE
cwm-designcwmvote1.0cpe:2.3:a:cwm-design:cwmvote:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cwm-design	cwmvote	1.0	cpe:2.3:a:cwm-design:cwmvote:1.0:::::::*

References

secunia.com/advisories/23434

www.securityfocus.com/bid/21670

www.vupen.com/english/advisories/2006/5084

exchange.xforce.ibmcloud.com/vulnerabilities/30966

www.exploit-db.com/exploits/2958

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.051

Percentile

93.0%

JSON

Related for CVE-2006-6732