Vulnerability Details CVE-2006-4672
PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, possibly a component of PayProCart, allows remote attackers to execute arbitrary PHP code via a URL in the (1) proMod parameter to (a) index.php, or the (2) docroot parameter to (b) index.php or (c) mainpage.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.174
EPSS Ranking 94.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/21868
- http://www.securityfocus.com/archive/1/445748/100/0/threaded
- http://www.securityfocus.com/archive/1/446076/100/0/threaded
- http://www.securityfocus.com/bid/19881
- http://www.vupen.com/english/advisories/2006/3557
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28781
- https://www.exploit-db.com/exploits/2316
- http://secunia.com/advisories/21868
- http://www.securityfocus.com/archive/1/445748/100/0/threaded
- http://www.securityfocus.com/archive/1/446076/100/0/threaded
- http://www.securityfocus.com/bid/19881
- http://www.vupen.com/english/advisories/2006/3557
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28781
- https://www.exploit-db.com/exploits/2316
Products affected by CVE-2006-4672
-
cpe:2.3:a:profitcode:ppalcart:2.5_ee