Vulnerability Details CVE-2006-4635
Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.4%
CVSS Severity
CVSS v2 Score 6.5
References
- http://classic.squiz.net/download/changelogs/change_log_2.14.8
- http://secunia.com/advisories/21757
- http://www.securityfocus.com/bid/19868
- http://www.vupen.com/english/advisories/2006/3477
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28768
- http://classic.squiz.net/download/changelogs/change_log_2.14.8
- http://secunia.com/advisories/21757
- http://www.securityfocus.com/bid/19868
- http://www.vupen.com/english/advisories/2006/3477
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28768
Products affected by CVE-2006-4635
-
cpe:2.3:a:squiz:mysource_classic:*