Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0887

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0887
Last Modified 07 Mar 2011 12:00:00
Published 25 Feb 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0887

Summary

Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory.

Vulnerable Systems

Application

  • Phplib Team Phplib 7.4


References

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=31885&release_id=396091

SECUNIA - 16902

XF - phplib-code-execution(24873)

VUPEN - ADV-2006-0720

BID - 16801

OSVDB - 23466

MISC - http://www.gulftech.org/?node=research&article_id=00107-03052006

SECTRACK - 1016123


Last Updated: 27 May 2016 10:41:50