CVE-2006-6592
Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php.
Published
2006-12-15T19:28:00.000
Last Modified
2025-04-09T00:30:58.490
Status
Deferred
Source
[email protected]
Severity
CVSSv2: 7.5 (HIGH)
CVSSv2 Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: PARTIAL
- Availability Impact: PARTIAL
Exploitability Score
10.0
Impact Score
6.4
Weaknesses
-
Type: Primary
NVD-CWE-Other
Affected Vendors & Products
| Type |
Vendor |
Product |
Version/Range |
Vulnerable? |
| Application |
php
|
bloq
|
0.5.4 |
Yes
|
References