Vulnerability Details CVE-2006-4276
PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.128
EPSS Ranking 93.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/21572
- http://www.osvdb.org/28028
- http://www.securityfocus.com/bid/19612
- http://www.vupen.com/english/advisories/2006/3335
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28471
- https://www.exploit-db.com/exploits/2220
- http://secunia.com/advisories/21572
- http://www.osvdb.org/28028
- http://www.securityfocus.com/bid/19612
- http://www.vupen.com/english/advisories/2006/3335
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28471
- https://www.exploit-db.com/exploits/2220
Products affected by CVE-2006-4276
-
cpe:2.3:a:tutti_nova:tutti_nova:*