CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-5894

Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.09

EPSS Ranking 92.2%

CVSS Severity

CVSS v2 Score 6.8

References

http://secunia.com/advisories/22847
http://www.rahim.webd.pl/exploit127.html
http://www.securityfocus.com/bid/21009
http://www.vupen.com/english/advisories/2006/4473
https://exchange.xforce.ibmcloud.com/vulnerabilities/30183
https://www.exploit-db.com/exploits/2760
http://secunia.com/advisories/22847
http://www.rahim.webd.pl/exploit127.html
http://www.securityfocus.com/bid/21009
http://www.vupen.com/english/advisories/2006/4473
https://exchange.xforce.ibmcloud.com/vulnerabilities/30183
https://www.exploit-db.com/exploits/2760

Products affected by CVE-2006-5894

Rama Cms » Rama Cms » Version: Any

cpe:2.3:a:rama_cms:rama_cms:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-5894

Products

Pricing

Contact Us