CVE-2006-4004

{"id": "CVE-2006-4004", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-08-07T19:04:00.000", "references": [{"url": "http://secunia.com/advisories/21287", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.phpportals.com/forums/showthread.php?t=17308", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19257", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3102", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28077", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/2087", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en index.php de vbPortal 3.0.2 hasta 3.6.0 Beta 1, cuando magic_quotes_gpc est\u00e1 deshabilitado, permite a atacantes remotos incluir y ejecutar ficheros locales mediante secuencias de salto de directorio el la cookie bbvbplang, como ha sido demostrado inyectando secuencias PHP en el fichero de log del Apache HTTP Server, el cual es incluido en index.php."}], "lastModified": "2017-10-19T01:29:16.347", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vbportal:vbportal:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E790B9DB-9FDF-4453-9B82-EF26CDF502E2"}, {"criteria": "cpe:2.3:a:vbportal:vbportal:3.5.0_beta_2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F108CB4-03BE-48EF-9750-9BCA8466EB77"}, {"criteria": "cpe:2.3:a:vbportal:vbportal:3.5.0_beta_3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85AE2322-477D-4F7F-BA85-CD2241C4E1A6"}, {"criteria": "cpe:2.3:a:vbportal:vbportal:3.5.0_gold:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A22D54A-E0FC-4B84-AF40-DD5E8D1DFD0A"}, {"criteria": "cpe:2.3:a:vbportal:vbportal:3.6.0_beta_1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CE8102A-4746-4220-92F5-E4688A96B189"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}