Vulnerability Details: CVE-2006-5101
PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.
Vulnerability category: File inclusion
Products affected by CVE-2006-5101
- cpe:2.3:a:comdev:comdev_csv_importer:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:comdev:comdev_csv_importer:4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-5101
- 43.41%: Probability of exploitation activity in the next 30 days
- ~97%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-5101
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2006-5101
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-5101
- http://www.vupen.com/english/advisories/2006/3804 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/3809 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/3805
- http://www.vupen.com/english/advisories/2006/3812
- http://securityreason.com/securityalert/1658
- http://www.vupen.com/english/advisories/2006/3807 (Vendor Advisory)
- http://www.securityfocus.com/archive/1/447184/100/0/threaded
- http://www.securityfocus.com/archive/1/447201/100/0/threaded
- http://www.securityfocus.com/archive/1/447185/100/0/threaded
- http://www.securityfocus.com/archive/1/447192/100/0/threaded
- http://www.vupen.com/english/advisories/2006/3814
- http://www.securityfocus.com/archive/1/447190/100/0/threaded
- http://www.vupen.com/english/advisories/2006/3813 (Vendor Advisory)
- http://www.securityfocus.com/archive/1/447188/100/0/threaded
- http://www.securityfocus.com/archive/1/447186/100/0/threaded
- http://www.vupen.com/english/advisories/2006/3815 (Vendor Advisory)
- http://www.securityfocus.com/archive/1/447209/100/0/threaded
- http://www.vupen.com/english/advisories/2006/3811
- http://www.securityfocus.com/archive/1/447193/100/0/threaded
- http://www.securityfocus.com/archive/1/447207/100/0/threaded
- http://www.vupen.com/english/advisories/2006/3803
- http://www.securityfocus.com/archive/1/447187/100/0/threaded
- http://www.securityfocus.com/archive/1/447194/100/0/threaded
- http://www.vupen.com/english/advisories/2006/3810
- http://www.securityfocus.com/archive/1/447213/100/0/threaded
- http://www.vupen.com/english/advisories/2006/3806
- http://www.vupen.com/english/advisories/2006/3808 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29220