Vulnerability Details : CVE-2006-1551
Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters.
Vulnerability category: Execute code
At least one public exploit which can be used to exploit this vulnerability exists!
Exploit prediction scoring system (EPSS) score for CVE-2006-1551
Probability of exploitation activity in the next 30 days: 82.60%
Metasploit modules for CVE-2006-1551
PAJAX Remote Command Execution
Disclosure Date: 2006-03-30
exploit/unix/webapp/pajax_remote_exec
RedTeam has identified two security flaws in PAJAX (<= 0.5.1). It is possible to execute arbitrary PHP code from unchecked user input. Additionally, it is possible to include arbitrary files on the server ending in ".class.php".
Authors:
- Matteo Cantoni
- hdm
CVSS scores for CVE-2006-1551
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
References for CVE-2006-1551