CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2006-3193

Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php.
Publish Date : 2006-06-22 Last Update Date : 2011-09-08

- CVSS Scores & Vulnerability Types

CVSS Score 5.1
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity High (Specialized access conditions exist. It is hard to exploit, and several special conditions must be satisfied to exploit it.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access User
Vulnerability Type(s) Execute Code, File Inclusion
CWE ID 94

- Products Affected By CVE-2006-3193

# Product Type Vendor Product Version Update Edition Language
1 Application Grayscale Bandsite Cms 1.1.1

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Grayscale Bandsite Cms 1

- References For CVE-2006-3193

http://www.vupen.com/english/advisories/2006/2462
VUPEN ADV-2006-2462
http://www.securityfocus.com/bid/18555
BID 18555 BandSite Root_Path Remote File Include Vulnerability Release Date:2006-06-21
http://www.osvdb.org/27252
OSVDB 27252
http://www.osvdb.org/27251
OSVDB 27251
http://www.osvdb.org/27250
OSVDB 27250
http://www.osvdb.org/27249
OSVDB 27249
http://www.osvdb.org/27248
OSVDB 27248
http://www.osvdb.org/27247
OSVDB 27247
http://www.osvdb.org/27246
OSVDB 27246
http://www.osvdb.org/27245
OSVDB 27245
http://www.osvdb.org/27244
OSVDB 27244
http://www.osvdb.org/27243
OSVDB 27243
http://www.osvdb.org/27242
OSVDB 27242
http://www.osvdb.org/27241
OSVDB 27241
http://www.osvdb.org/27240
OSVDB 27240
http://www.osvdb.org/27239
OSVDB 27239
http://www.osvdb.org/27238
OSVDB 27238
http://www.osvdb.org/27237
OSVDB 27237
http://www.osvdb.org/27236
OSVDB 27236
http://www.osvdb.org/27235
OSVDB 27235
http://www.osvdb.org/27234
OSVDB 27234
http://www.osvdb.org/27233
OSVDB 27233
http://sourceforge.net/project/shownotes.php?release_id=428062
CONFIRM
http://milw0rm.com/exploits/1933
MILW0RM 1933
http://secunia.com/advisories/20768
SECUNIA 20768

- Metasploit Modules Related To CVE-2006-3193

There are no Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).

