CVE-2006-1658 - Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows rem

CVE-2006-1658

Summary

Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T. scripts.

References

http://evuln.com/vulns/121/summary.html
http://secunia.com/advisories/19526
http://www.osvdb.org/24398
http://www.securityfocus.com/archive/1/431344/100/0/threaded
http://www.securityfocus.com/bid/17387
http://www.vupen.com/english/advisories/2006/1243
https://exchange.xforce.ibmcloud.com/vulnerabilities/25639

Vulnerable Configurations

cpe:2.3:a:chucky_a._ivey:n.t.:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:chucky_a._ivey:n.t.:1.1.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2018 - 16:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	17387
bugtraq	20060419 [eVuln] N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities
misc	http://evuln.com/vulns/121/summary.html
osvdb	24398
secunia	19526
vupen	ADV-2006-1243
xf	nt-ticker-file-include(25639)

Last major update

18-10-2018 - 16:33

Published

07-04-2006 - 10:04

Last modified

18-10-2018 - 16:33