exploitDog

CVE-2006-4004

Опубликовано: 07 авг. 2006

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vbportal:vbportal:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:vbportal:vbportal:3.5.0_beta_2:*:*:*:*:*:*:*

cpe:2.3:a:vbportal:vbportal:3.5.0_beta_3:*:*:*:*:*:*:*

cpe:2.3:a:vbportal:vbportal:3.5.0_gold:*:*:*:*:*:*:*

cpe:2.3:a:vbportal:vbportal:3.6.0_beta_1:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.09854

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-7rp4-2fj5-fj8w

github

почти 4 года назад

Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.

EPSS

Процентиль: 93%

0.09854

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other