ID CVE-2006-2557
Summary PHP remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal before 0.37, and TR Newsportal (TRanx rebuilded), allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:florian_amrhein:newsportal:0.36:*:*:*:*:*:*:*
    cpe:2.3:a:florian_amrhein:newsportal:0.36:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 19-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bid 18000
bugtraq
  • 20060515 Newsportal: code injection vulnerability
  • 20060517 Newsportal <= 0.36 Remote File Inclusion Vulnerability
confirm http://florian-amrhein.de/newsportal/forum/article?id=1&group=amrhein.newsportal
exploit-db 1789
osvdb
  • 25531
  • 25577
secunia
  • 20119
  • 20128
sreason 947
vupen ADV-2006-1838
xf
  • newsportal-poll-code-execution(26471)
  • trnewsportal-poll-file-include(26439)
Last major update 19-10-2017 - 01:29
Published 24-05-2006 - 01:02
Last modified 19-10-2017 - 01:29
Back to Top