Vulnerability Details CVE-2006-5258
The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to execute arbitrary commands via an unspecified parameter that is not sanitized before Aspell is invoked.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 85.3%
CVSS Severity
CVSS v2 Score 5.1
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0306.html
- http://editor.asbrusoft.com/page.php/id=727
- http://secunia.com/advisories/22344
- http://secunia.com/advisories/22353
- http://secunia.com/advisories/22472
- http://wcm.asbrusoft.com/page.php/id=791
- http://www.securityfocus.com/bid/20544
- http://www.vupen.com/english/advisories/2006/4004
- http://www.vupen.com/english/advisories/2006/4060
- http://www.vupen.com/english/advisories/2006/4061
- http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0306.html
- http://editor.asbrusoft.com/page.php/id=727
- http://secunia.com/advisories/22344
- http://secunia.com/advisories/22353
- http://secunia.com/advisories/22472
- http://wcm.asbrusoft.com/page.php/id=791
- http://www.securityfocus.com/bid/20544
- http://www.vupen.com/english/advisories/2006/4004
- http://www.vupen.com/english/advisories/2006/4060
- http://www.vupen.com/english/advisories/2006/4061
Products affected by CVE-2006-5258
-
cpe:2.3:a:asbru_software:asbru_web_content_management:*
-
cpe:2.3:a:asbru_software:asbru_web_content_management:6.0
-
cpe:2.3:a:asbru_software:asbru_web_content_management:6.0.17
-
cpe:2.3:a:asbru_software:asbru_web_content_management:6.1
-
cpe:2.3:a:asbru_software:asbru_web_content_management:6.1.19
-
cpe:2.3:a:asbru_software:asbru_website_manager:6.0.20