CVE-2006-3850

Опубликовано: 25 июл. 2006

Источник: nvd

CVSS2: 5.1

EPSS Низкий

Описание

PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lussumo:vanilla:*:*:*:*:*:*:*:*

Версия до 1.0.1 (включая)

EPSS

Процентиль: 91%

0.06636

Низкий

5.1 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-2j3g-cq99-w5x4

github

почти 4 года назад

** DISPUTED ** PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected.