CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-3193

Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.033

EPSS Ranking 86.6%

CVSS Severity

CVSS v2 Score 5.1

References

Products affected by CVE-2006-3193

Grayscale » Bandsite Cms » Version: 1.1.1

cpe:2.3:a:grayscale:bandsite_cms:1.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-3193

Products

Pricing

Contact Us