CVE-2006-5095

PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before being used when the product is installed according to the provided instructions

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://attrition.org/pipermail/vim/2006-September/001057.html
http://securityreason.com/securityalert/1656
http://www.securityfocus.com/archive/1/446876/100/0/threaded
http://www.securityfocus.com/bid/20160

Configurations

Configuration 1 (hide)

cpe:2.3:a:myphotos:myphotos:0.1.3b_beta:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-09-29 21:07

Updated : 2024-05-17 00:30

NVD link : CVE-2006-5095

Mitre link : CVE-2006-5095

CVE.ORG link : CVE-2006-5095

JSON object : View

Products Affected

myphotos

myphotos

CWE

NVD-CWE-Other

{"id": "CVE-2006-5095", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-09-29T21:07:00.000", "references": [{"url": "http://attrition.org/pipermail/vim/2006-September/001057.html", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1656", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/446876/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20160", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before being used when the product is installed according to the provided instructions"}, {"lang": "es", "value": "** DISCUTIDO ** Vulnerabilidad PHP de inclusi\u00f3n remota de archivo en index.php en MyPhotos 0.1.3b beta permite a un atacante remoto ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s del par\u00e1metro includesdir. NOTA: este asunto es discutido por el CVE el 27/09/2006, puesto que el includesdir se define antes de ser utilizado cuando el producto est\u00e1 instalado seg\u00fan las instrucciones proporcionadas."}], "lastModified": "2024-05-17T00:30:38.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:myphotos:myphotos:0.1.3b_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89259951-E2FC-4E22-8554-201560BDE374"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}