CVE-2006-7124

PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://developer.joomla.org/sf/sfmain/do/viewProject/projects.bsq_sitestats
http://secunia.com/secunia_research/2006-63/advisory/	Patch Vendor Advisory
http://securityreason.com/securityalert/2360
http://www.osvdb.org/29287	Patch
http://www.securityfocus.com/archive/1/447356/100/0/threaded
http://www.securityfocus.com/bid/20267	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/29269

Configurations

Configuration 1 (hide)

cpe:2.3:a:joomla:bsq_sitestats:1.8.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-03-06 01:19

Updated : 2018-10-16 16:29

NVD link : CVE-2006-7124

Mitre link : CVE-2006-7124

CVE.ORG link : CVE-2006-7124

JSON object : View

Products Affected

joomla

bsq_sitestats

CWE

NVD-CWE-Other

{"id": "CVE-2006-7124", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-03-06T01:19:00.000", "references": [{"url": "http://developer.joomla.org/sf/sfmain/do/viewProject/projects.bsq_sitestats", "source": "cve@mitre.org"}, {"url": "http://secunia.com/secunia_research/2006-63/advisory/", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2360", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/29287", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/447356/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20267", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29269", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter."}, {"lang": "es", "value": "Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en external/rssfeeds.php de BSQ Sitestats (componente para Joomla) 1.8.0, y posiblemente otras versiones anteriores a 2.2.1, permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s del par\u00e1metro baseDir."}], "lastModified": "2018-10-16T16:29:28.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:joomla:bsq_sitestats:1.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBD756FB-F3A0-4782-8B7E-D8B4BC6E339C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}