CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-5234

Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable

Exploit prediction scoring system (EPSS) score

EPSS Score 0.048

EPSS Ranking 89.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://securityreason.com/securityalert/1716
http://www.attrition.org/pipermail/vim/2006-October/001079.html
http://www.securityfocus.com/archive/1/448098/100/0/threaded
http://www.securityfocus.com/archive/1/448307/100/100/threaded
http://www.securityfocus.com/bid/20412
http://securityreason.com/securityalert/1716
http://www.attrition.org/pipermail/vim/2006-October/001079.html
http://www.securityfocus.com/archive/1/448098/100/0/threaded
http://www.securityfocus.com/archive/1/448307/100/100/threaded
http://www.securityfocus.com/bid/20412

Products affected by CVE-2006-5234

Phpwebsite » Phpwebsite » Version: 0.10.2

cpe:2.3:a:phpwebsite:phpwebsite:0.10.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-5234

Products

Pricing

Contact Us