Vulnerability Details CVE-2006-4557
PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis concurs with the dispute
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/archive/1/443466/100/200/threaded
- http://www.securityfocus.com/archive/1/443522/100/200/threaded
- http://www.securityfocus.com/archive/1/443710/100/100/threaded
- http://www.securityfocus.com/archive/1/444074/100/100/threaded
- http://www.securityfocus.com/archive/1/443466/100/200/threaded
- http://www.securityfocus.com/archive/1/443522/100/200/threaded
- http://www.securityfocus.com/archive/1/443710/100/100/threaded
- http://www.securityfocus.com/archive/1/444074/100/100/threaded
Products affected by CVE-2006-4557
-
cpe:2.3:a:robert_jewell:discloser:0.0.4