Vulnerability Details : CVE-2006-0628
Potential exploit
myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable.
Products affected by CVE-2006-0628
- cpe:2.3:a:dale_ray:myquiz:1.01:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0628
20.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-0628
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2006-0628
-
http://securityreason.com/securityalert/409
-
http://www.evuln.com/vulns/57/summary.html
Exploit;Patch;Vendor Advisory
-
http://www.corantodemo.net/coranto/viewnews.cgi?id=EpApAAAVkyirPGThSf&style=dldetails
Patch
-
http://www.vupen.com/english/advisories/2006/0443
-
http://www.securityfocus.com/archive/1/423921/100/0/threaded
-
http://attrition.org/pipermail/vim/2006-February/000537.html
-
http://www.securityfocus.com/archive/1/424266/100/0/threaded
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/24501
Jump to