ID CVE-2006-1294
Summary PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:knowledgebasepublisher:knowledgebasepublisher:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:knowledgebasepublisher:knowledgebasepublisher:1.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-10-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 17120
confirm http://sourceforge.net/project/shownotes.php?release_id=402179&group_id=144153
exploit-db 1587
osvdb 24002
secunia 19298
vupen ADV-2006-1020
xf knowledgebasepublisher-dir-file-include(25338)
Last major update 11-10-2017 - 01:30
Published 19-03-2006 - 23:02
Last modified 11-10-2017 - 01:30
Back to Top