exploitDog

CVE-2006-4451

Опубликовано: 30 авг. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php.

Ссылки

http://secunia.com/advisories/21561
Vendor Advisory
http://secunia.com/secunia_research/2006-61/advisory/
Vendor Advisory
http://www.securityfocus.com/bid/19748
http://www.vupen.com/english/advisories/2006/3406
http://secunia.com/advisories/21561
Vendor Advisory
http://secunia.com/secunia_research/2006-61/advisory/
Vendor Advisory
http://www.securityfocus.com/bid/19748
http://www.vupen.com/english/advisories/2006/3406

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cj_design:cj_tag_board:3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00741

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-9m9g-6mgv-4fgc

github

почти 4 года назад

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php.

EPSS

Процентиль: 72%

0.00741

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other