CVE-2006-4285

Опубликовано: 22 авг. 2006

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it was later reported that 2.1.5 is also affected.

Ссылки

http://fscripts.com/index.php
Patch
http://secunia.com/advisories/21571
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/457680/100/0/threaded
http://www.securityfocus.com/bid/19613
Exploit
Patch
http://www.vupen.com/english/advisories/2006/3336
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28469
https://www.exploit-db.com/exploits/2221
http://fscripts.com/index.php
Patch
http://secunia.com/advisories/21571
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/457680/100/0/threaded
http://www.securityfocus.com/bid/19613
Exploit
Patch
http://www.vupen.com/english/advisories/2006/3336
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28469
https://www.exploit-db.com/exploits/2221

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:fscripts:fantastic_news:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:fscripts:fantastic_news:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:fscripts:fantastic_news:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:fscripts:fantastic_news:2.1.5:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.14752

Средний

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-4gc3-8hmv-3556

github

почти 4 года назад