nvd-json-data-feeds/CVE-2006/CVE-2006-59xx/CVE-2006-5911.json

{
  "id": "CVE-2006-5911",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2006-11-15T15:07:00.000",
  "lastModified": "2008-09-05T21:13:26.557",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inclusi\u00f3n remota de archivo en PHP en Campware Campsite anterior a 2.6.2 permiten a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante un URL en el par\u00e1metro g_documentRoot de los ficheros (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, y (35) UserType.php en implementation/management/classes/; (36) configuration.php y (37) db_connect.php en implementation/management/; y (38) LocalizerConfig.php y (39) LocalizerLanguage.php en implementation/management/priv/localizer/."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": true,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:campware.org:campsite:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72D091DD-14CA-42BB-9E2B-BCE5F0A18112"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:campware.org:campsite:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "805E8DFB-4BC3-4401-8081-744FCCC7DBA5"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://code.campware.org/projects/campsite/changeset/6057",
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "http://code.campware.org/projects/campsite/changeset/6058",
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "http://code.campware.org/projects/campsite/query?milestone=2.6.2",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://code.campware.org/projects/campsite/ticket/2349",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936",
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/23874",
      "source": "cve@mitre.org"
    }
  ]
}