1. CVE-Search
  2. CVE-2006-3317
ID CVE-2006-3317
Summary PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116.
References
Vulnerable Configurations
  • cpe:2.3:a:spiffyjr:phpraid:3.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:spiffyjr:phpraid:3.0.6:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 18-10-2018 - 16:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid
  • 18719
  • 23066
bugtraq 20060629 Secunia Research: phpRaid SQL Injection and File InclusionVulnerabilities
confirm http://www.phpraider.com/index.php?action=tpmod;dl=item10
exploit-db 3528
fulldisc 20060629 Secunia Research: phpRaid SQL Injection and File Inclusion Vulnerabilities
misc http://secunia.com/secunia_research/2006-47/advisory/
osvdb
  • 26888
  • 26889
secunia 20865
sreason 1173
vupen ADV-2006-2593
xf
  • phpraid-announcements-file-include(27462)
  • phpraid-rss-file-include(33100)
Last major update 18-10-2018 - 16:46
Published 29-06-2006 - 21:05
Last modified 18-10-2018 - 16:46
Back to Top