Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3317

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-3317
Last Modified 07 Mar 2011 09:38:20
Published 29 Jun 2006 05:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3317

Summary

PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116.

Vulnerable Systems

Application

  • Spiffyjr Phpraid 3.0.6


References

VUPEN - ADV-2006-2593

BUGTRAQ - 20060629 Secunia Research: phpRaid SQL Injection and File InclusionVulnerabilities

MISC - http://secunia.com/secunia_research/2006-47/advisory/

SECUNIA - 20865

XF - phpraid-rss-file-include(33100)

XF - phpraid-announcements-file-include(27462)

BID - 23066

BID - 18719

CONFIRM - http://www.phpraider.com/index.php?action=tpmod;dl=item10

OSVDB - 26889

OSVDB - 26888

MILW0RM - 3528

SREASON - 1173

FULLDISC - 20060629 Secunia Research: phpRaid SQL Injection and File Inclusion Vulnerabilities


Last Updated: 27 May 2016 10:42:57