CVE-2006-4557

Sažetak

PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis concurs with the dispute

Reference

http://www.securityfocus.com/archive/1/443466/100/200/threaded
http://www.securityfocus.com/archive/1/443522/100/200/threaded
http://www.securityfocus.com/archive/1/443710/100/100/threaded
http://www.securityfocus.com/archive/1/444074/100/100/threaded

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-08-2024 - 20:15

Objavljeno

06-09-2006 - 00:04