CVE-2006-4189

Sažetak

Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.

Reference

http://secunia.com/advisories/21535
http://securitytracker.com/id?1016692
http://www.osvdb.org/28473
http://www.osvdb.org/28474
http://www.osvdb.org/28478
http://www.osvdb.org/28479
http://www.osvdb.org/28485
http://www.osvdb.org/28492
http://www.osvdb.org/28493
http://www.osvdb.org/28496
http://www.osvdb.org/28498
http://www.osvdb.org/28499
http://www.osvdb.org/28500
http://www.osvdb.org/28501
http://www.osvdb.org/28502
http://www.osvdb.org/28503
http://www.osvdb.org/28504
http://www.osvdb.org/28505
http://www.osvdb.org/28506
http://www.osvdb.org/28507
http://www.osvdb.org/28508
http://www.osvdb.org/28509
http://www.osvdb.org/28510
http://www.osvdb.org/28511
http://www.osvdb.org/28512
http://www.osvdb.org/28513
http://www.osvdb.org/28514
http://www.osvdb.org/28515
http://www.osvdb.org/28516
http://www.osvdb.org/28517
http://www.osvdb.org/28519
http://www.osvdb.org/28520
http://www.osvdb.org/28521
http://www.osvdb.org/28522
http://www.osvdb.org/28523
http://www.osvdb.org/28524
http://www.osvdb.org/28525
http://www.osvdb.org/28526
http://www.osvdb.org/28527
http://www.osvdb.org/28528
http://www.osvdb.org/28529
http://www.osvdb.org/28530
http://www.securityfocus.com/bid/21182
http://www.vupen.com/english/advisories/2006/3346
https://exchange.xforce.ibmcloud.com/vulnerabilities/28363

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-07-2017 - 01:32

Objavljeno

17-08-2006 - 01:04