Lucene search

MitreCVE-2006-7146

HistoryMar 07, 2007 - 8:19 p.m.

CVE-2006-7146

2007-03-0720:19:00

CWE-94

mitre

web.nvd.nist.gov

cve-2006-7146

vulnerability

php

remote file inclusion

bug.php

leicestershire communityportals

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.032

Percentile

91.3%

JSON

PHP remote file inclusion vulnerability in bug.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. NOTE: CVE disputes this issue, since bug.php is not in communityPortals source distributions

Affected configurations

Nvd

Node

cuttlefishleicestershire_communityportalsRange≤1.0

VendorProductVersionCPE
cuttlefishleicestershire_communityportals*cpe:2.3:a:cuttlefish:leicestershire_communityportals:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cuttlefish	leicestershire_communityportals	*	cpe:2.3:a:cuttlefish:leicestershire_communityportals::::::::

References

securityreason.com/securityalert/2387

www.securityfocus.com/archive/1/448311/100/0/threaded

www.securityfocus.com/bid/20467

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.032

Percentile

91.3%

JSON

Related for CVE-2006-7146