CVE-2006-5220

Date: (C)2006-10-10   (M)2023-12-22


Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1017023
SREASON-1702
http://www.securityfocus.com/archive/1/archive/1/448009/100/0/threaded
BID-20406
SECUNIA-22336
EXPLOIT-DB-2496
OSVDB-29643
OSVDB-29644
OSVDB-29645
OSVDB-29646
OSVDB-29647
OSVDB-29648
OSVDB-29649
OSVDB-29650
OSVDB-29651
OSVDB-29652
OSVDB-29653
OSVDB-29654
OSVDB-29655
OSVDB-29656
OSVDB-29657
OSVDB-29658
OSVDB-29659
OSVDB-29660
OSVDB-29661
OSVDB-29662
OSVDB-29663
ADV-2006-3972
http://advisories.echo.or.id/adv/adv48-theday-2006.txt
http://www.obdev.at/products/webyep/release-notes.html
webyep-webyep-file-include(29397)

CWE    1
CWE-94

© SecPod Technologies