Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2006-1994

Опубликовано: 25 апр. 2006
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:dforum:dforum:1.5:*:*:*:*:*:*:*

EPSS

Процентиль: 91%
0.067
Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

github логотип

GHSA-w7pf-6mr9-w9fp

github
почти 4 года назад

PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php.

EPSS

Процентиль: 91%
0.067
Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other