Sign-up

ID

VAR-200610-0292


CVE

CVE-2006-5520


TITLE

DeltaScripts PHP Classifieds of functions.php In PHP Remote file inclusion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2006-001438

DESCRIPTION

PHP remote file inclusion vulnerability in functions.php in DeltaScripts PHP Classifieds 7.1 allows remote attackers to execute arbitrary PHP code via a URL in the set_path parameter. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. Version 7.1 is vulnerable; other versions may also be affected. This BID is being retired because further information shows that the application is not vulnerable to this issue

Trust: 2.43

sources: NVD: CVE-2006-5520 // JVNDB: JVNDB-2006-001438 // CNVD: CNVD-2006-8140 // BID: 20649

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-8140

AFFECTED PRODUCTS

vendor:deltascriptsmodel:php classifiedsscope:eqversion:7.1

Trust: 2.7

vendor:phpmodel:classifieds deltascriptsscope:eqversion:7.1

Trust: 0.6

sources: CNVD: CNVD-2006-8140 // BID: 20649 // JVNDB: JVNDB-2006-001438 // CNNVD: CNNVD-200610-436 // NVD: CVE-2006-5520

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-5520
value: HIGH

Trust: 1.0

NVD: CVE-2006-5520
value: HIGH

Trust: 0.8

CNVD: CNVD-2006-8140
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200610-436
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2006-5520
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2006-8140
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2006-8140 // JVNDB: JVNDB-2006-001438 // CNNVD: CNNVD-200610-436 // NVD: CVE-2006-5520

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5520

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200610-436

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200610-436

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-001438

PATCH
title:Top Pageurl:http://www.deltascripts.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-001438

EXTERNAL IDS
db:NVDid:CVE-2006-5520
Trust: 3.0
db:BIDid:20649
Trust: 2.5
db:SREASONid:1778
Trust: 1.6
db:JVNDBid:JVNDB-2006-001438
Trust: 0.8
db:CNVDid:CNVD-2006-8140
Trust: 0.6
db:XFid:29687
Trust: 0.6
db:BUGTRAQid:20061020 PHP CLASSIFIEDS 7.1 - REMOTE FILE INCLUDE VULNERABILITY
Trust: 0.6
db:CNNVDid:CNNVD-200610-436
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2006-8140 // 
            
            
            
            BID: 20649 // 
            
            
            
            JVNDB: JVNDB-2006-001438 // 
            
            
            
            CNNVD: CNNVD-200610-436 // 
            
            
            
            NVD: CVE-2006-5520

REFERENCES
url:http://www.securityfocus.com/bid/20649
Trust: 2.2
url:http://securityreason.com/securityalert/1778
Trust: 1.6
url:http://www.securityfocus.com/archive/1/449295/100/0/threaded
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/29687
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5520
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5520
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/29687
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/449295/100/0/threaded
Trust: 0.6
url:http://www.deltascripts.com/phpclassifieds
Trust: 0.3
url:/archive/1/449295
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2006-8140 // 
            
            
            
            BID: 20649 // 
            
            
            
            JVNDB: JVNDB-2006-001438 // 
            
            
            
            CNNVD: CNNVD-200610-436 // 
            
            
            
            NVD: CVE-2006-5520

CREDITS
Le CoPrA is credited with the discovery of this vulnerability.
Trust: 0.9
sources:
            
            
            BID: 20649 // 
            
            
            
            CNNVD: CNNVD-200610-436

SOURCES
db:CNVDid:CNVD-2006-8140
db:BIDid:20649
db:JVNDBid:JVNDB-2006-001438
db:CNNVDid:CNNVD-200610-436
db:NVDid:CVE-2006-5520

LAST UPDATE DATE
2024-08-14T13:50:37.007000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2006-8140date:2006-10-26T00:00:00
db:BIDid:20649date:2007-01-15T22:50:00
db:JVNDBid:JVNDB-2006-001438date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200610-436date:2006-10-30T00:00:00
db:NVDid:CVE-2006-5520date:2018-10-17T21:43:43.660

SOURCES RELEASE DATE
db:CNVDid:CNVD-2006-8140date:2006-10-26T00:00:00
db:BIDid:20649date:2006-10-20T00:00:00
db:JVNDBid:JVNDB-2006-001438date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200610-436date:2006-10-26T00:00:00
db:NVDid:CVE-2006-5520date:2006-10-26T16:07:00