| Field | Value |
|---|---|
| Vulnerability Name | CVE-2006-0887 (CCN-24873) |
| Assigned | 2006-02-24 |
| Published | 2006-02-24 |
| Updated | 2017-07-20 |
| Summary | Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. Note: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory. |
| CVSS v3 Severity | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| Vulnerability Type | CWE-94 |
| Vulnerability Consequences | Gain Access |
References:

| Source | Type | Reference |
|---|---|---|
| MITRE | CNA | CVE-2006-0887 |
| MITRE | CNA | CVE-2006-2826 |
| CCN | PHPLIB Web site | PHP Base Library |
| CCN | SA16902 | PHPLIB Session Handling SQL Injection Vulnerability |
| SECUNIA | Patch, Vendor Advisory | 16902 |
| CCN | SECTRACK ID: 1016123 | PHPLib Input Validation Flaws Let Remote Users Inject SQL Commands and Execute Arbitrary PHP Code |
| SECTRACK | UNKNOWN | 1016123 |
| CONFIRM | Patch | http://sourceforge.net/project/shownotes.php?group_id=31885&release_id=396091 |
| MISC | UNKNOWN | http://www.gulftech.org/?node=research&article_id=00107-03052006 |
| OSVDB | UNKNOWN | 23466 |
| CCN | OSVDB ID: 23466 | PHPLIB Unspecified Remote Code Execution |
| BID | UNKNOWN | 16801 |
| CCN | BID-16801 | PHPLIB Unspecified Code Execution Vulnerability |
| VUPEN | Vendor Advisory | ADV-2006-0720 |
| XF | UNKNOWN | phplib-code-execution(24873) |
Vulnerable Configuration: Configuration 1: