Vulnerability Details CVE-2006-4240
PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.074
EPSS Ranking 91.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/bugtraq/2006-08/0317.html
- http://securityreason.com/securityalert/1420
- http://securitytracker.com/id?1016701
- http://www.securityfocus.com/bid/19546
- http://www.vupen.com/english/advisories/2006/3298
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28400
- http://archives.neohapsis.com/archives/bugtraq/2006-08/0317.html
- http://securityreason.com/securityalert/1420
- http://securitytracker.com/id?1016701
- http://www.securityfocus.com/bid/19546
- http://www.vupen.com/english/advisories/2006/3298
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28400
Products affected by CVE-2006-4240
-
cpe:2.3:a:fusionphp:fusion_news:1.0
-
cpe:2.3:a:fusionphp:fusion_news:3.3
-
cpe:2.3:a:fusionphp:fusion_news:3.6.1
-
cpe:2.3:a:fusionphp:fusion_news:3.7