CVE-2006-3554

{"id": "CVE-2006-3554", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-07-13T00:05:00.000", "references": [{"url": "http://secunia.com/advisories/20884", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1234", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016403", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/438614/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18707", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2598", "source": "cve@mitre.org"}, {"url": "http://www.worlddefacers.de/Public/WD-MKP.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27451", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en index.php en MKPortal 1.0.1 Final. Permite a atqacantes remotos incluir y ejecutar archivos locales arbitrarios a trav\u00e9s de secuencias de salto de directorio en la cookie language, como se demostr\u00f3 usando una cookie gl_session para inyectar secuencias PHP en el archivo error.log, el cual se incluye en ese momento por index.php con comandos maliciosos accesible por el par\u00e1metro ind."}], "lastModified": "2018-10-18T16:47:56.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mkportal:mkportal:1.0.1_final:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "216B020A-24C8-4CEA-B039-FCD48C0B999B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}