CVE-2006-5509

{"id": "CVE-2006-5509", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-10-25T22:07:00.000", "references": [{"url": "http://secunia.com/advisories/22442", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1774", "source": "cve@mitre.org"}, {"url": "http://www.security.nnov.ru/Odocument711.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/448796/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20563", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4062", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29599", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22442", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/1774", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.security.nnov.ru/Odocument711.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/448796/100/100/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/20563", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/4062", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29599", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de Eval en el archivo addentry.php de WoltLab Burning Book 1.1.2 permite a atacantes remotos la ejecuci\u00f3n de c\u00f3digo PHP de su elecci\u00f3n mediante peticiones POST manipuladas que almacenan c\u00f3digo PHP en la Base de Datos que son luego procesados por el \"eval\", como el demostrado usando inyecciones de SQL a trav\u00e9s del par\u00e1metros n."}], "lastModified": "2024-11-21T00:19:31.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:woltlab:burning_book:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B919D8D-D6E9-4171-9D59-8CA72EA78210"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}