CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-7024

Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.025

EPSS Ranking 84.9%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.securityfocus.com/bid/18614
https://exchange.xforce.ibmcloud.com/vulnerabilities/27308
https://www.exploit-db.com/exploits/1943
http://www.securityfocus.com/bid/18614
https://exchange.xforce.ibmcloud.com/vulnerabilities/27308
https://www.exploit-db.com/exploits/1943

Products affected by CVE-2006-7024

Harpia » Harpia Cms » Version: Any

cpe:2.3:a:harpia:harpia_cms:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-7024

Products

Pricing

Contact Us