CVE-2006-1022 - PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShi

CVE-2006-1022

Summary

PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to include and execute arbitrary PHP code via a URL in the uye_klasor parameter, along with a misafir[] parameter that is set to UYE_SEVIYE. This vulnerability affects PeHePe, Membership Management System (a.k.a Uyelik Sistemi) versions 3.0 and previous.

References

Vulnerable Configurations

cpe:2.3:a:pehepe:membership_management_system:3.0:*:*:*:*:*:*:*
cpe:2.3:a:pehepe:membership_management_system:3.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2018 - 16:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	16887
bugtraq	20060228 PEHEPE Membership Management System Multiple Vulnerabilities
misc	http://yns.zaxaz.com/2006/02/28/pehepe-membership-management-system-multiple-vulnerabilities/
osvdb	23567
secunia	19055
sreason	515
vupen	ADV-2006-0781
xf	pehepe-uyeklasor-command-execution(24970)

Last major update

18-10-2018 - 16:30

Published

07-03-2006 - 00:02

Last modified

18-10-2018 - 16:30