CVE-2006-1959

Sažetak

PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.

Reference

http://secunia.com/advisories/19743
http://securityreason.com/securityalert/742
http://securitytracker.com/id?1015967
http://www.osvdb.org/24778
http://www.securityfocus.com/archive/1/431351/100/0/threaded
http://www.securityfocus.com/archive/1/434562/100/0/threaded
http://www.securityfocus.com/bid/17597
http://www.vupen.com/english/advisories/2006/1430
https://exchange.xforce.ibmcloud.com/vulnerabilities/25893

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-10-2018 - 16:37

Objavljeno

21-04-2006 - 10:02