CVE-2006-4311

Published Aug 23, 2006

Last updated a year ago

Overview

Description: PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory, as demonstrated by plugins/1_Adressbuch/delete.php.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sonium:enterprise_adressbook:0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0DC1E2C-DED9-440E-81A2-083D1CF66F25"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References