ID CVE-2006-0628
Summary myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable.
References
Vulnerable Configurations
  • cpe:2.3:a:dale_ray:myquiz:1.01:*:*:*:*:*:*:*
    cpe:2.3:a:dale_ray:myquiz:1.01:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-10-2018 - 15:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq
  • 20060203 [eVuln] MyQuiz Arbitrary Command Execution Vulnerability
  • 20060207 MyQuiz Arbitrary Command Execution Exploit (perl)
misc
osvdb 22925
secunia 18737
sreason 409
vim 20060209 Vendor ACK for MyQuiz
vupen ADV-2006-0443
xf myquiz-pathinfo-command-execution(24501)
Last major update 19-10-2018 - 15:45
Published 10-02-2006 - 11:02
Last modified 19-10-2018 - 15:45
Back to Top