CVE-2006-0757
Published Feb 18, 2006
Last updated 7 years ago
Overview
- Description: Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators.
- Source: cve@mitre.org
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 7.5
- Impact score: 6.4
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov: NVD-CWE-Other
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:hivemail:hivemail:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD125F9D-1E13-419C-900B-6BF71A5E98B1" },
          { "criteria": "cpe:2.3:a:hivemail:hivemail:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CDA700A-A6AA-49EB-B847-E995A341FFFF" },
          { "criteria": "cpe:2.3:a:hivemail:hivemail:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81A19437-0D2F-4C1F-B37E-6B0BC98993D0" },
          { "criteria": "cpe:2.3:a:hivemail:hivemail:1.2.1_beta1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B310602-7C6C-4C36-AE99-605F3932AB14" },
          { "criteria": "cpe:2.3:a:hivemail:hivemail:1.2.1_rc:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C444230-0988-49BD-BCFE-439A33FD9912" },
          { "criteria": "cpe:2.3:a:hivemail:hivemail:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "681B2B76-9AFC-45B2-960F-F8309A01444C" },
          { "criteria": "cpe:2.3:a:hivemail:hivemail:1.2_sp1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "256B2BD7-34EA-42A7-A3F3-6F0F49FAD921" },
          { "criteria": "cpe:2.3:a:hivemail:hivemail:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD9FE2A5-70D8-41A7-B201-541761EF8914" },
          { "criteria": "cpe:2.3:a:hivemail:hivemail:1.3_beta1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D43770F-B354-4F6F-BADB-246E3D1C2777" },
          { "criteria": "cpe:2.3:a:hivemail:hivemail:1.3_rc1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02247FB6-3D9D-47E6-A6A0-3F772421193A" }
        ],
        "operator": "OR"
      }
    ]
  }
]