CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2006-5020

Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php.
Publish Date : 2006-09-27 Last Update Date : 2008-09-05

- CVSS Scores & Vulnerability Types

CVSS Score: 7.5
Confidentiality Impact: Partial (There is considerable informational disclosure.)
Integrity Impact: Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact: Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity: Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)
Authentication: Not required (Authentication is not required to exploit the vulnerability.)
Gained Access: User
Vulnerability Type(s): Execute Code, File Inclusion
CWE ID: CWE id is not defined for this vulnerability

- Products Affected By CVE-2006-5020

# | Product Type | Vendor | Product | Version | Update | Edition | Language
1 | Application | Solidstate | Solidstate | 0.4 | | |

- Number Of Affected Versions By Product

Vendor | Product | Vulnerable Versions
Solidstate | Solidstate | 1

- References For CVE-2006-5020

http://www.osvdb.org/31098
OSVDB 31098
http://www.osvdb.org/31104
OSVDB 31104
http://www.osvdb.org/31100
OSVDB 31100
http://www.osvdb.org/31099
OSVDB 31099
http://www.osvdb.org/31105
OSVDB 31105
http://www.osvdb.org/31106
OSVDB 31106
http://www.osvdb.org/31107
OSVDB 31107
http://www.osvdb.org/31108
OSVDB 31108
http://www.osvdb.org/31109
OSVDB 31109
http://www.osvdb.org/31110
OSVDB 31110
http://www.osvdb.org/31111
OSVDB 31111
http://www.osvdb.org/31112
OSVDB 31112
http://www.osvdb.org/31113
OSVDB 31113
http://www.osvdb.org/31114
OSVDB 31114
http://www.osvdb.org/31115
OSVDB 31115
http://www.osvdb.org/31116
OSVDB 31116
http://www.osvdb.org/31117
OSVDB 31117
http://www.osvdb.org/31118
OSVDB 31118
http://www.osvdb.org/31119
OSVDB 31119
http://www.osvdb.org/31120
OSVDB 31120
http://www.osvdb.org/31121
OSVDB 31121
http://www.osvdb.org/31122
OSVDB 31122
http://www.osvdb.org/31123
OSVDB 31123
http://www.osvdb.org/31124
OSVDB 31124
http://www.osvdb.org/31125
OSVDB 31125
http://www.osvdb.org/31126
OSVDB 31126
http://www.osvdb.org/31127
OSVDB 31127
http://www.osvdb.org/31128
OSVDB 31128
http://www.osvdb.org/31129
OSVDB 31129
http://www.osvdb.org/31130
OSVDB 31130
http://www.osvdb.org/31131
OSVDB 31131
http://www.osvdb.org/31132
OSVDB 31132
http://www.osvdb.org/31133
OSVDB 31133
http://www.osvdb.org/31134
OSVDB 31134
http://www.osvdb.org/31135
OSVDB 31135
http://www.osvdb.org/31136
OSVDB 31136
http://www.osvdb.org/31137
OSVDB 31137
http://www.osvdb.org/31138
OSVDB 31138
http://www.osvdb.org/31139
OSVDB 31139
http://www.osvdb.org/31141
OSVDB 31141
http://www.osvdb.org/31142
OSVDB 31142
http://www.osvdb.org/31143
OSVDB 31143
http://www.osvdb.org/31144
OSVDB 31144
http://www.osvdb.org/31145
OSVDB 31145
http://www.osvdb.org/31146
OSVDB 31146
http://www.osvdb.org/31147
OSVDB 31147
http://www.osvdb.org/31190
OSVDB 31190
http://www.osvdb.org/31191
OSVDB 31191
http://www.osvdb.org/31192
OSVDB 31192
http://www.osvdb.org/31193
OSVDB 31193
http://www.osvdb.org/31194
OSVDB 31194
http://www.osvdb.org/31197
OSVDB 31197
http://www.osvdb.org/31198
OSVDB 31198
http://www.osvdb.org/31199
OSVDB 31199
http://www.osvdb.org/31200
OSVDB 31200
http://www.osvdb.org/31201
OSVDB 31201
http://www.osvdb.org/31202
OSVDB 31202
http://www.osvdb.org/31203
OSVDB 31203
http://www.securityfocus.com/bid/21934
BID 21934 SolidState Multiple Remote File Include Vulnerabilities Release Date:2007-01-08
http://www.solid-state.org/index.php?name=PNphpBB2&file=portal&article=1 CONFIRM
http://milw0rm.com/exploits/2413
MILW0RM 2413
http://xforce.iss.net/xforce/xfdb/29095
XF solidstate-basepath-file-include(29095)
http://www.osvdb.org/31097
OSVDB 31097
http://attrition.org/pipermail/vim/2007-January/001210.html
VIM 20070106 vendor ack: SolidState RFI

- Metasploit Modules Related To CVE-2006-5020

There are no Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).

