Vulnerability Details : CVE-2006-4311
PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory, as demonstrated by plugins/1_Adressbuch/delete.php.
Vulnerability category: File inclusion
Products affected by CVE-2006-4311
- cpe:2.3:a:sonium:enterprise_adressbook:0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-4311
- 9.48%: Probability of exploitation activity in the next 30 days
- ~94%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-4311
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2006-4311
- http://www.bb-pcsecurity.de/Websecurity/342/org/Sonium_Enterprise_Adressbook_Version_0.2_(folder)_RFI.htm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28464
- http://www.securityfocus.com/archive/1/443701/100/0/threaded
- http://www.securityfocus.com/bid/19597
- http://www.vupen.com/english/advisories/2006/3334