Lucene search

[email protected]NVD:CVE-2006-1800

HistoryApr 18, 2006 - 10:02 a.m.

CVE-2006-1800

2006-04-1810:02:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.039

Percentile

92.0%

JSON

Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via “…” sequences in the language cookie, as demonstrated by by injecting the code into the gl_session cookie of users.php, which is stored in error.log.

Affected configurations

Nvd

Node

simplemediasimplebbsMatch1.0.6

simplemediasimplebbsMatch1.0.7

simplemediasimplebbsMatch1.1

VendorProductVersionCPE
simplemediasimplebbs1.0.6cpe:2.3:a:simplemedia:simplebbs:1.0.6:*:*:*:*:*:*:*
simplemediasimplebbs1.0.7cpe:2.3:a:simplemedia:simplebbs:1.0.7:*:*:*:*:*:*:*
simplemediasimplebbs1.1cpe:2.3:a:simplemedia:simplebbs:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
simplemedia	simplebbs	1.0.6	cpe:2.3:a:simplemedia:simplebbs:1.0.6:::::::*
simplemedia	simplebbs	1.0.7	cpe:2.3:a:simplemedia:simplebbs:1.0.7:::::::*
simplemedia	simplebbs	1.1	cpe:2.3:a:simplemedia:simplebbs:1.1:::::::*

References

downloads.securityfocus.com/vulnerabilities/exploits/SimpleBBS-RCE-posts.php.pl

www.securityfocus.com/archive/1/430872

www.securityfocus.com/bid/17501

www.worlddefacers.de/Public/WD-SMPL.txt

exchange.xforce.ibmcloud.com/vulnerabilities/25788

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.039

Percentile

92.0%

JSON

Related for NVD:CVE-2006-1800

cve1 prion1 cvelist1 exploitdb1