CVE-2006-2871 : PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execu

PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter. NOTE: CVE disputes this issue, since $script_path is set to a constant value

Published 2006-06-06 20:06:00

Updated 2024-04-11 00:40:27

Source MITRE

View at NVD, CVE.org

Vulnerability category: File inclusion

Exploit prediction scoring system (EPSS) score for CVE-2006-2871

Probability of exploitation activity in the next 30 days: 16.83%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-2871

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-2871

http://www.attrition.org/pipermail/vim/2007-April/001510.html

[VIM] dispute: older CyBoards common.php RFI (CVE-2006-2871)
http://www.securityfocus.com/archive/1/435977/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26962

Vulnerability Report
http://www.securityfocus.com/bid/18272

Exploit
http://securitytracker.com/id?1016225

securitytracker.com
http://securityreason.com/securityalert/1051

CyBoards PHP Lite v1.25 (common.PHP) Remote File Inclusion - CXSecurity.com
http://www.osvdb.org/26596

404 Not Found

Products affected by CVE-2006-2871

Cyboards » Cyboards Php Lite » Version: 1.25
cpe:2.3:a:cyboards:cyboards_php_lite:1.25:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-2871

Exploit prediction scoring system (EPSS) score for CVE-2006-2871

CVSS scores for CVE-2006-2871

References for CVE-2006-2871

Products affected by CVE-2006-2871