Vulnerability Details CVE-2006-2811
Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.072
EPSS Ranking 91.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://securityreason.com/securityalert/1033
- http://www.osvdb.org/27209
- http://www.osvdb.org/27211
- http://www.osvdb.org/27212
- http://www.osvdb.org/27213
- http://www.osvdb.org/27214
- http://www.osvdb.org/27215
- http://www.osvdb.org/27216
- http://www.osvdb.org/27217
- http://www.osvdb.org/27218
- http://www.osvdb.org/27219
- http://www.osvdb.org/27220
- http://www.osvdb.org/27221
- http://www.osvdb.org/27222
- http://www.osvdb.org/27223
- http://www.osvdb.org/27224
- http://www.osvdb.org/27225
- http://www.osvdb.org/27226
- http://www.osvdb.org/27227
- http://www.osvdb.org/27228
- http://www.osvdb.org/27229
- http://www.securityfocus.com/archive/1/435590/100/0/threaded
- http://www.securityfocus.com/archive/1/456893/100/200/threaded
- http://www.securityfocus.com/archive/1/459572/100/0/threaded
- http://www.securityfocus.com/bid/18232
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26981
- http://securityreason.com/securityalert/1033
- http://www.osvdb.org/27209
- http://www.osvdb.org/27211
- http://www.osvdb.org/27212
- http://www.osvdb.org/27213
- http://www.osvdb.org/27214
- http://www.osvdb.org/27215
- http://www.osvdb.org/27216
- http://www.osvdb.org/27217
- http://www.osvdb.org/27218
- http://www.osvdb.org/27219
- http://www.osvdb.org/27220
- http://www.osvdb.org/27221
- http://www.osvdb.org/27222
- http://www.osvdb.org/27223
- http://www.osvdb.org/27224
- http://www.osvdb.org/27225
- http://www.osvdb.org/27226
- http://www.osvdb.org/27227
- http://www.osvdb.org/27228
- http://www.osvdb.org/27229
- http://www.securityfocus.com/archive/1/435590/100/0/threaded
- http://www.securityfocus.com/archive/1/456893/100/200/threaded
- http://www.securityfocus.com/archive/1/459572/100/0/threaded
- http://www.securityfocus.com/bid/18232
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26981