CVE-2006-6966

Current Description

phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpGraphy.

Basic Data

PublishedFebruary 04, 2007
Last ModifiedJuly 29, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationPhpgraphyPhpgraphy0.9*******
    2.3ApplicationPhpgraphyPhpgraphy0.9.1*******
    2.3ApplicationPhpgraphyPhpgraphy0.9.2*******
    2.3ApplicationPhpgraphyPhpgraphy0.9.3*******
    2.3ApplicationPhpgraphyPhpgraphy0.9.4*******
    2.3ApplicationPhpgraphyPhpgraphy0.9.5*******
    2.3ApplicationPhpgraphyPhpgraphy0.9.6*******
    2.3ApplicationPhpgraphyPhpgraphy0.9.7*******
    2.3ApplicationPhpgraphyPhpgraphy0.9.8*******
    2.3ApplicationPhpgraphyPhpgraphy0.9.9*******
    2.3ApplicationPhpgraphyPhpgraphy0.9.9a*******
    2.3ApplicationPhpgraphyPhpgraphy0.9.10*******
    2.3ApplicationPhpgraphyPhpgraphy0.9.10a*******
    2.3ApplicationPhpgraphyPhpgraphy0.9.11*******
    2.3ApplicationPhpgraphyPhpgraphy0.9.12*******
    2.3ApplicationPhpgraphyPhpgraphy********0.9.13

Vulnerable Software List

VendorProductVersions
Phpgraphy Phpgraphy *, 0.9, 0.9.1, 0.9.10, 0.9.10a, 0.9.11, 0.9.12, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.9.9a

References

NameSourceURLTags
http://phpgraphy.sourceforge.net/changelog.phphttp://phpgraphy.sourceforge.net/changelog.phpCONFIRM
http://retrogod.altervista.org/phpgraphy_0912_zhdkoi_cmd.htmlhttp://retrogod.altervista.org/phpgraphy_0912_zhdkoi_cmd.htmlMISCExploit
1017571http://securitytracker.com/id?1017571SECTRACKExploit
http://sourceforge.net/forum/forum.php?forum_id=659277http://sourceforge.net/forum/forum.php?forum_id=659277CONFIRMPATCH
phpgraphy-config-file-include(30634)https://exchange.xforce.ibmcloud.com/vulnerabilities/30634XF