CVE-2006-1013 - PHP remote file include vulnerability in index.php in SMartBlog (aka SMBlog) 1.2 allows remote attac

CVE-2006-1013

Summary

PHP remote file include vulnerability in index.php in SMartBlog (aka SMBlog) 1.2 allows remote attackers to include and execute arbitrary PHP files via (1) the pg parameter and (2) a query string without a parameter.

References

http://www.securityfocus.com/archive/1/426498/100/0/threaded
http://www.securityfocus.com/bid/16905
https://exchange.xforce.ibmcloud.com/vulnerabilities/25220

Vulnerable Configurations

cpe:2.3:a:smartblog:smartblog:1.2:*:*:*:*:*:*:*
cpe:2.3:a:smartblog:smartblog:1.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2018 - 16:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	16905
bugtraq	20060301 SMBlog Remote Command Exucetion
xf	smartblog-index-file-include(25220)

Last major update

18-10-2018 - 16:30

Published

07-03-2006 - 00:02

Last modified

18-10-2018 - 16:30