Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3173

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3173
Last Modified 05 Sep 2008 05:06:25
Published 22 Jun 2006 08:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3173

Summary

Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path[cb] parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter to (c) modules/archive/overview.inc.php, and the (3) actualModuleDir parameter to (d) modules/forum/showThread.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Vulnerable Systems

Application

  • Content%2abuilder 0.7.5


References

XF - contentbuilder-multiple-file-include(27044)

SECUNIA - 20557

BID - 25914

BUGTRAQ - 20071003 Content Builder 0.7.5 RFI Bug


Last Updated: 27 May 2016 10:42:54