ID CVE-2006-6661
Summary Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the (1) f, (2) newmessage, (3) newusername, (4) adminuser, and (5) permission parameters.
References
Vulnerable Configurations
  • cpe:2.3:a:php-update:php-update:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
exploit-db 2953
secunia 23407
vupen ADV-2006-5088
Last major update 19-10-2017 - 01:29
Published 20-12-2006 - 23:28
Last modified 19-10-2017 - 01:29