
CVE-2006-5507
Date: (C)2006-10-25   (M)2023-12-22


Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-20702
SECUNIA-22546
OSVDB-29950
OSVDB-29951
OSVDB-29952
OSVDB-29953
OSVDB-29954
OSVDB-29955
OSVDB-29956
OSVDB-29957
OSVDB-29958
OSVDB-29959
ADV-2006-4164
der-dirigent-cfgdedi-file-include(29760)
http://packetstormsecurity.org/0610-exploits/Derdirigent.txt

CWE:
CWE-94

© SecPod Technologies