CVE-2006-7130

Current Description

PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770.

Basic Data

Published: March 06, 2007
Last Modified: October 16, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-94
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
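    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Jinzora | Jinzora | 0.1.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.3 | pre | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.3 | pre_2 | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.3.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.5 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.6.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.7 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.8.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.8.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.9 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.9.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.9.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.9.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.9.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 0.9.5 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 1.0.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 1.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 2.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 2.0 | beta_1 | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 2.0 | beta_2 | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 2.0 | rc1 | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 2.0 | rc2 | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | 2.0.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Jinzora | Jinzora | * | * | * | * | * | * | * | * |  | 2.1 |  |  |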

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Jinzora | Jinzora | *, 0.1.1, 0.2, 0.3, 0.3.1, 0.4, 0.5, 0.6.2, 0.7, 0.8.1, 0.8.2, 0.9, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 1.0.1, 1.1, 2.0, 2.0.1 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 2351 | SREASON | http://securityreason.com/securityalert/2351 | Exploit |
| 20061010 Jinzora <= 2.1 Remote File Inclusion | BUGTRAQ | http://www.securityfocus.com/archive/1/448290/100/0/threaded |  |
| 20446 | BID | http://www.securityfocus.com/bid/20446 | Exploit |
| jinzora-media-file-include(29436) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/29436 |  |
| 2512 | EXPLOIT-DB | https://www.exploit-db.com/exploits/2512 |  |