
CVE-2006-2686
Date: (C)2006-05-31   (M)2023-12-22


PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes folder, and (20) modules/ folder.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.4
Exploit Score: 10.0
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
EXPLOIT-DB-1829
BID-19133
SECUNIA-20299
OSVDB-27253
OSVDB-27254
OSVDB-27256
OSVDB-27257
OSVDB-27258
OSVDB-27259
OSVDB-27260
OSVDB-27261
OSVDB-27262
OSVDB-27263
OSVDB-27264
OSVDB-27265
OSVDB-27266
OSVDB-27267
OSVDB-27268
OSVDB-27269
OSVDB-27270
OSVDB-27271
OSVDB-27272
OSVDB-27273
OSVDB-27274
OSVDB-27275
OSVDB-27276
OSVDB-27277
OSVDB-27278
OSVDB-27279
OSVDB-27280
OSVDB-27281
OSVDB-27282
OSVDB-27283
OSVDB-27284
OSVDB-27285
OSVDB-27286
OSVDB-27287
OSVDB-27288
OSVDB-27289
OSVDB-27290
OSVDB-27291
OSVDB-27292
OSVDB-27293
OSVDB-27294
OSVDB-27295
OSVDB-27296
OSVDB-27297
OSVDB-27298
OSVDB-27299
OSVDB-27300
OSVDB-27301
OSVDB-27302
OSVDB-27303
OSVDB-27304
OSVDB-27305
OSVDB-27306
OSVDB-27308
OSVDB-27309
OSVDB-27310
ADV-2006-1997
actionapps-globals-file-include(26776)

CWE:
CWE-94

© SecPod Technologies