CVE-2006-1545 : Direct static code injection vulnerability in admin/config.php in vscripts (aka

Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php.

Published 2006-03-30 11:02:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2006-1545

Vscripts » Vnews » Version: 1.2
cpe:2.3:a:vscripts:vnews:1.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-1545

EPSS FAQ

3.35%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-1545

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2006-1545

Jump to

Vulnerability Details : CVE-2006-1545

Products affected by CVE-2006-1545

Exploit prediction scoring system (EPSS) score for CVE-2006-1545

CVSS scores for CVE-2006-1545

References for CVE-2006-1545