ID |
CVE-2006-1959
|
Summary |
PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:actualscripts:actualanalyzer:2.72:*:lite:*:*:*:*:*
cpe:2.3:a:actualscripts:actualanalyzer:2.72:*:lite:*:*:*:*:*
-
cpe:2.3:a:actualscripts:actualanalyzer:7.63:gold:*:*:*:*:*:*
cpe:2.3:a:actualscripts:actualanalyzer:7.63:gold:*:*:*:*:*:*
-
cpe:2.3:a:actualscripts:actualanalyzer:*:*:server:*:*:*:*:*
cpe:2.3:a:actualscripts:actualanalyzer:*:*:server:*:*:*:*:*
|
CVSS |
Base: | 7.5 (as of 18-10-2018 - 16:37) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 17597 | bugtraq | - 20060419 [MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability
- 20060520 ActualAnalyzer Server <=8.23 - Remote File Include Vulnerability
| osvdb | 24778 | sectrack | 1015967 | secunia | 19743 | sreason | 742 | vupen | ADV-2006-1430 | xf | actualanalyzer-direct-file-include(25893) |
|
Last major update |
18-10-2018 - 16:37 |
Published |
21-04-2006 - 10:02 |
Last modified |
18-10-2018 - 16:37 |