CVE-2006-0636 : desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the

desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable.

Published 2006-02-10 11:02:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2006-0636

Eyeos Project » Eyeos » Version: 0.8.4
cpe:2.3:o:eyeos_project:eyeos:0.8.4:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.3
cpe:2.3:o:eyeos_project:eyeos:0.8.3:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.3 R1
cpe:2.3:o:eyeos_project:eyeos:0.8.3_r1:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.7
cpe:2.3:o:eyeos_project:eyeos:0.8.7:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.8
cpe:2.3:o:eyeos_project:eyeos:0.8.8:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.2 R2
cpe:2.3:o:eyeos_project:eyeos:0.8.2_r2:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.2 R3
cpe:2.3:o:eyeos_project:eyeos:0.8.2_r3:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.5 R1
cpe:2.3:o:eyeos_project:eyeos:0.8.5_r1:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.6
cpe:2.3:o:eyeos_project:eyeos:0.8.6:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8
cpe:2.3:o:eyeos_project:eyeos:0.8:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.1
cpe:2.3:o:eyeos_project:eyeos:0.8.1:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.1 R1
cpe:2.3:o:eyeos_project:eyeos:0.8.1_r1:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.3 R2
cpe:2.3:o:eyeos_project:eyeos:0.8.3_r2:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.9
cpe:2.3:o:eyeos_project:eyeos:0.8.9:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.2
cpe:2.3:o:eyeos_project:eyeos:0.8.2:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.2 R1
cpe:2.3:o:eyeos_project:eyeos:0.8.2_r1:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.4 R1
cpe:2.3:o:eyeos_project:eyeos:0.8.4_r1:*:*:*:*:*:*:*
Matching versions
Eyeos Project » Eyeos » Version: 0.8.5
cpe:2.3:o:eyeos_project:eyeos:0.8.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-0636

EPSS FAQ

1.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-0636

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-0636

Jump to

Vulnerability Details : CVE-2006-0636

Products affected by CVE-2006-0636

Exploit prediction scoring system (EPSS) score for CVE-2006-0636

CVSS scores for CVE-2006-0636

References for CVE-2006-0636