CVE-2006-7208

Current Description

PHP remote file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Evaluator Description

Requires that PHP's 'register_globals' setting be enabled.

Basic Data

Published: June 26, 2007
Last Modified: October 16, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Adam Van Dongen | Com Forum | 1.2.4rc3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Adam Van Dongen | Phpbb Component | 1.2.4rc3 | * | * | * | * | * | * | * | | | |

Vulnerable Software List

Vendor | Product | Versions
Adam Van Dongen | Com Forum | 1.2.4rc3
Adam Van Dongen | Phpbb Component | 1.2.4rc3

References

Name | Source | URL | Tags
45364 | OSVDB | http://osvdb.org/45364 |
2836 | SREASON | http://securityreason.com/securityalert/2836 |
20070622 All Of the Mambo & Joomla Script Remote File Inclussion Bugs.. | BUGTRAQ | http://www.securityfocus.com/archive/1/472005/100/0/threaded |
1995 | EXPLOIT-DB | https://www.exploit-db.com/exploits/1995 |