CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-5255

PHP remote file inclusion vulnerability in addnews.php in Greg Neustaetter gCards 1.13 allows remote attackers to execute arbitrary PHP code via a URL in the languagefile parameter. NOTE: another researcher has observed that languageFile is defined before use. CVE analysis as of 20061012 concurs with the dispute

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://marc.info/?l=bugtraq&m=116059865515095&w=2
http://www.securityfocus.com/archive/1/448293/100/0/threaded
http://www.securityfocus.com/bid/20461
http://marc.info/?l=bugtraq&m=116059865515095&w=2
http://www.securityfocus.com/archive/1/448293/100/0/threaded
http://www.securityfocus.com/bid/20461

Products affected by CVE-2006-5255

Greg Neustaetter » Gcards » Version: 1.13

cpe:2.3:a:greg_neustaetter:gcards:1.13

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-5255

Products

Pricing

Contact Us