CVE-2006-7047

Current Description

include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot be used for code execution.

Basic Data

Published: February 24, 2007
Last Modified: October 16, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-264
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Shoutpro
    Product: Shoutpro
    Version: 1.0
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including:
    Version End Including:
    Version Start Excluding:
    Version End Excluding:

Vulnerable Software List

Vendor | Product | Versions
Shoutpro | Shoutpro | 1.0

References

Name | Source | URL | Tags
2303 | SREASON | http://securityreason.com/securityalert/2303 |
20060613 Shoutpro 1.0 Version - Remote File Include Vulnerability | BUGTRAQ | http://www.securityfocus.com/archive/1/436975/30/4440/threaded |
20060613 Re: Shoutpro 1.0 Version - Remote File Include Vulnerability | BUGTRAQ | http://www.securityfocus.com/archive/1/436997/30/4410/threaded |
shoutpro-include-file-include(27111) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/27111 |