Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1212

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1212
Last Modified 05 Sep 2008 05:01:18
Published 13 Mar 2006 08:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1212

Summary

Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a "page" parameter or variable.

Vulnerable Systems

Application

  • Corenews 2.0.1


References

XF - corenews-index-command-execution(25180)

BID - 17067

BUGTRAQ - 20060309 CoreNews 2.0.1 Remote Command Exucetion

MISC - http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1

OSVDB - 24080

SREASON - 754

VIM - 20060313 Oddness - CoreNews 2.0.1 Remote Command Exucetion


Last Updated: 27 May 2016 10:41:58