CVE-2006-4489

Sažetak

Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 (1.2.2) allow remote attackers to execute arbitrary PHP code via (1) a URL in the config[include_dir] parameter in actions/ipn.php or (2) an FTP path in the config[plugin_dir] parameter in include/initPlugins.php.

Reference

http://secunia.com/advisories/21688
http://securitytracker.com/id?1016769
http://www.attrition.org/pipermail/vim/2006-November/001115.html
http://www.osvdb.org/28258
http://www.osvdb.org/28259
http://www.securityfocus.com/bid/19568
http://www.ultrize.com/minibill/index.php
http://www.ultrize.com/minibill/index.php?page=changelog
http://www.vupen.com/english/advisories/2006/3413
https://exchange.xforce.ibmcloud.com/vulnerabilities/28625
https://www.exploit-db.com/exploits/2272

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-10-2017 - 01:29

Objavljeno

31-08-2006 - 22:04