CVE-2006-6966

Опубликовано: 04 фев. 2007

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpGraphy.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:phpgraphy:phpgraphy:*:*:*:*:*:*:*:*

Версия до 0.9.13 (включая)

cpe:2.3:a:phpgraphy:phpgraphy:0.9:*:*:*:*:*:*:*

cpe:2.3:a:phpgraphy:phpgraphy:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:phpgraphy:phpgraphy:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:phpgraphy:phpgraphy:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:phpgraphy:phpgraphy:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:phpgraphy:phpgraphy:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:phpgraphy:phpgraphy:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:phpgraphy:phpgraphy:0.9.7:*:*:*:*:*:*:*

cpe:2.3:a:phpgraphy:phpgraphy:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:phpgraphy:phpgraphy:0.9.9:*:*:*:*:*:*:*

cpe:2.3:a:phpgraphy:phpgraphy:0.9.9a:*:*:*:*:*:*:*

cpe:2.3:a:phpgraphy:phpgraphy:0.9.10:*:*:*:*:*:*:*

cpe:2.3:a:phpgraphy:phpgraphy:0.9.10a:*:*:*:*:*:*:*

cpe:2.3:a:phpgraphy:phpgraphy:0.9.11:*:*:*:*:*:*:*

cpe:2.3:a:phpgraphy:phpgraphy:0.9.12:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.04002

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-3qpg-c9c8-hv6g

github

почти 4 года назад