Vulnerability Details CVE-2006-2921
PHP remote file inclusion vulnerability in cmpro_header.inc.php in Clan Manager Pro (CMPRO) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) cm_ext_server and (2) sitepath parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.6%
CVSS Severity
CVSS v2 Score 5.1
References
- http://secunia.com/advisories/20480
- http://sx02.coresec.de/advisories/149.txt
- http://www.vupen.com/english/advisories/2006/2166
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27058
- http://secunia.com/advisories/20480
- http://sx02.coresec.de/advisories/149.txt
- http://www.vupen.com/english/advisories/2006/2166
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27058
Products affected by CVE-2006-2921
-
cpe:2.3:a:cmpro_team:clan_manager_pro:1.1