CVE-2006-2098

Published Apr 29, 2006

Last updated 3 months ago

CVSS info 7.5

Overview

Description: PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via (1) README.html or (2) HEADER.html.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:php_thumbnail_autoindex:php_thumbnail_autoindex:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D679A99-E54F-4A49-A9BF-AE3329B6FFD6"
          },
          {
            "criteria": "cpe:2.3:a:php_thumbnail_autoindex:php_thumbnail_autoindex:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBBF5D6C-FCCD-49C8-8582-E32BEA3CED34"
          },
          {
            "criteria": "cpe:2.3:a:php_thumbnail_autoindex:php_thumbnail_autoindex:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38EE8566-48E8-4D2B-8304-81981FD26D8E"
          },
          {
            "criteria": "cpe:2.3:a:php_thumbnail_autoindex:php_thumbnail_autoindex:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59EAABD0-DB20-49AD-B2CD-2C7B96893EE0"
          },
          {
            "criteria": "cpe:2.3:a:php_thumbnail_autoindex:php_thumbnail_autoindex:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98759138-C547-48DE-A506-DD62560E8BA2"
          },
          {
            "criteria": "cpe:2.3:a:php_thumbnail_autoindex:php_thumbnail_autoindex:1.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EA1834B-A299-4883-94F2-5A9D4865F3AC"
          },
          {
            "criteria": "cpe:2.3:a:php_thumbnail_autoindex:php_thumbnail_autoindex:1.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9F0E0A4-EA5A-4289-999C-FBB8DAA8D134"
          },
          {
            "criteria": "cpe:2.3:a:php_thumbnail_autoindex:php_thumbnail_autoindex:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4835121D-8E1F-4E2E-AA31-F2E62B661725"
          },
          {
            "criteria": "cpe:2.3:a:php_thumbnail_autoindex:php_thumbnail_autoindex:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42E49828-BB6D-4D9B-BE87-9915DB9DB100"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References