CVE-2006-7107 - PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows re

CVE-2006-7107

Summary

PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter.

References

http://www.securityfocus.com/bid/20785
https://exchange.xforce.ibmcloud.com/vulnerabilities/29879
https://www.exploit-db.com/exploits/2665

Vulnerable Configurations

cpe:2.3:a:coalescent_systems:freepbx:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:coalescent_systems:freepbx:2.1.3:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-10-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	20785
exploit-db	2665
xf	freepbx-upgrade-file-include(29879)

Last major update

11-10-2017 - 01:31

Published

03-03-2007 - 21:19

Last modified

11-10-2017 - 01:31