CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-4877

Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.074

EPSS Ranking 91.3%

CVSS Severity

CVSS v2 Score 5.0

References

http://secunia.com/advisories/22014
http://securityreason.com/securityalert/1607
http://www.osvdb.org/28965
http://www.osvdb.org/28966
http://www.osvdb.org/28967
http://www.securityfocus.com/archive/1/446318/100/0/threaded
http://www.securityfocus.com/bid/20061
http://www.vupen.com/english/advisories/2006/3688
http://secunia.com/advisories/22014
http://securityreason.com/securityalert/1607
http://www.osvdb.org/28965
http://www.osvdb.org/28966
http://www.osvdb.org/28967
http://www.securityfocus.com/archive/1/446318/100/0/threaded
http://www.securityfocus.com/bid/20061
http://www.vupen.com/english/advisories/2006/3688

Products affected by CVE-2006-4877

David Bennett » Php-Post » Version: Any

cpe:2.3:a:david_bennett:php-post:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-4877

Products

Pricing

Contact Us