CVE-2006-5101
CVSS v2.0 severity:
HIGH
Type:
CWE-94
Improper Control of Generation of Code (Code Injection)
Publication date:
03/10/2006
Last modified:
17/10/2018
Description
PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows a remote attacker to execute arbitrary PHP code via a URL in the path["docroot"] parameter.
Impact
Base score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | To |
---|---|---|
cpe:2.3:a:comdev:comdev_csv_importer:3.1:*:*:*:*:*:*:* | | |
cpe:2.3:a:comdev:comdev_csv_importer:4.1:*:*:*:*:*:*:* | | |
References to solutions, tools and information
- http://secunia.com/advisories/22133
- http://secunia.com/advisories/22134
- http://secunia.com/advisories/22135
- http://secunia.com/advisories/22147
- http://secunia.com/advisories/22149
- http://secunia.com/advisories/22151
- http://secunia.com/advisories/22153
- http://secunia.com/advisories/22154
- http://secunia.com/advisories/22157
- http://secunia.com/advisories/22168
- http://secunia.com/advisories/22169
- http://secunia.com/advisories/22170
- http://securityreason.com/securityalert/1658
- http://www.osvdb.org/29299
- http://www.osvdb.org/29300
- http://www.osvdb.org/29301
- http://www.osvdb.org/29302
- http://www.osvdb.org/29303
- http://www.osvdb.org/29304
- http://www.osvdb.org/29305
- http://www.osvdb.org/29306
- http://www.osvdb.org/29307
- http://www.osvdb.org/29308
- http://www.osvdb.org/29309
- http://www.osvdb.org/29310
- http://www.osvdb.org/29311
- http://www.securityfocus.com/archive/1/447184/100/0/threaded
- http://www.securityfocus.com/archive/1/447185/100/0/threaded
- http://www.securityfocus.com/archive/1/447186/100/0/threaded
- http://www.securityfocus.com/archive/1/447187/100/0/threaded
- http://www.securityfocus.com/archive/1/447188/100/0/threaded
- http://www.securityfocus.com/archive/1/447190/100/0/threaded
- http://www.securityfocus.com/archive/1/447192/100/0/threaded
- http://www.securityfocus.com/archive/1/447193/100/0/threaded
- http://www.securityfocus.com/archive/1/447194/100/0/threaded
- http://www.securityfocus.com/archive/1/447201/100/0/threaded
- http://www.securityfocus.com/archive/1/447207/100/0/threaded
- http://www.securityfocus.com/archive/1/447209/100/0/threaded
- http://www.securityfocus.com/archive/1/447213/100/0/threaded
- http://www.vupen.com/english/advisories/2006/3803
- http://www.vupen.com/english/advisories/2006/3804
- http://www.vupen.com/english/advisories/2006/3805
- http://www.vupen.com/english/advisories/2006/3806
- http://www.vupen.com/english/advisories/2006/3807
- http://www.vupen.com/english/advisories/2006/3808
- http://www.vupen.com/english/advisories/2006/3809
- http://www.vupen.com/english/advisories/2006/3810
- http://www.vupen.com/english/advisories/2006/3811
- http://www.vupen.com/english/advisories/2006/3812
- http://www.vupen.com/english/advisories/2006/3813
- http://www.vupen.com/english/advisories/2006/3814
- http://www.vupen.com/english/advisories/2006/3815
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29220