CVE-2006-5132

Sažetak

Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.php3, (2) agendaplace2.php3, (3) infoevent.php3, and (4) agenda2.php3, different vectors than CVE-2006-2009.

Reference

http://osvdb.org/ref/29/2914x-phpmyagenda.txt
http://sourceforge.net/forum/forum.php?forum_id=569237
http://www.osvdb.org/29148
http://www.osvdb.org/29149
http://www.osvdb.org/29150
http://www.osvdb.org/29151
http://www.securityfocus.com/archive/1/433995
https://exchange.xforce.ibmcloud.com/vulnerabilities/26062

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-07-2017 - 01:33

Objavljeno

03-10-2006 - 04:03