Vulnerability Details CVE-2006-0164
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.089
EPSS Ranking 92.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/18346
- http://sourceforge.net/project/shownotes.php?release_id=384232
- http://www.osvdb.org/22302
- http://www.securityfocus.com/bid/17469
- http://www.vupen.com/english/advisories/2006/0123
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24062
- http://secunia.com/advisories/18346
- http://sourceforge.net/project/shownotes.php?release_id=384232
- http://www.osvdb.org/22302
- http://www.securityfocus.com/bid/17469
- http://www.vupen.com/english/advisories/2006/0123
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24062
Products affected by CVE-2006-0164
-
cpe:2.3:a:woah-projekt:phgstats:0.1
-
cpe:2.3:a:woah-projekt:phgstats:0.2
-
cpe:2.3:a:woah-projekt:phgstats:0.3
-
cpe:2.3:a:woah-projekt:phgstats:0.3.1
-
cpe:2.3:a:woah-projekt:phgstats:0.4
-
cpe:2.3:a:woah-projekt:phgstats:0.4.1
-
cpe:2.3:a:woah-projekt:phgstats:0.4.2
-
cpe:2.3:a:woah-projekt:phgstats:0.5