Lucene search

K

[email protected]NVD:CVE-2006-0871

HistoryFeb 24, 2006 - 11:02 a.m.

CVE-2006-0871

2006-02-2411:02:00

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.4

Confidence

Low

EPSS

0.015

Percentile

86.8%

Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.

Affected configurations

NVD

Node

mambomamboMatch4.5.3h

OR

mambomamboMatch4.5.3hh

References

archives.neohapsis.com/archives/bugtraq/2006-02/0463.html

secunia.com/advisories/18935

securityreason.com/securityalert/493

source.mambo-foundation.org/view/news/Announcements/Security_Patch_Released/

www.gulftech.org/?node=research&article_id=00104-02242006

www.osvdb.org/23505

www.vupen.com/english/advisories/2006/0719

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.4

Confidence

Low

EPSS

0.015

Percentile

86.8%

Related for NVD:CVE-2006-0871

cve2 cvelist2 prion2 nessus2 exploitpack1 openvas2 freebsd1 exploitdb1 nvd1