CVE-2006-3075

Sažetak

Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php.

Reference

http://secunia.com/advisories/20656
http://securitytracker.com/id?1016279
http://www.osvdb.org/26500
http://www.osvdb.org/26501
http://www.osvdb.org/26502
http://www.securityfocus.com/archive/1/437449/100/100/threaded
http://www.securityfocus.com/bid/18471
http://www.vupen.com/english/advisories/2006/2352
https://exchange.xforce.ibmcloud.com/vulnerabilities/27183

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-10-2018 - 16:45

Objavljeno

19-06-2006 - 10:02