CVE-2006-5258 : The spell checking component of (1) Asbru Web Content Management before 6.1.22,

The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to execute arbitrary commands via an unspecified parameter that is not sanitized before Aspell is invoked.

Published 2006-10-12 22:07:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2006-5258

Asbru Software » Asbru Web Content Management
Versions up to, including, (<=) 6.1.20
cpe:2.3:a:asbru_software:asbru_web_content_management:*:*:*:*:*:*:*:*
Matching versions
Asbru Software » Asbru Web Content Management » Version: 6.0
cpe:2.3:a:asbru_software:asbru_web_content_management:6.0:*:*:*:*:*:*:*
Matching versions
Asbru Software » Asbru Web Content Management » Version: 6.1
cpe:2.3:a:asbru_software:asbru_web_content_management:6.1:*:*:*:*:*:*:*
Matching versions
Asbru Software » Asbru Web Content Management » Version: 6.0.17
cpe:2.3:a:asbru_software:asbru_web_content_management:6.0.17:*:*:*:*:*:*:*
Matching versions
Asbru Software » Asbru Web Content Management » Version: 6.1.19
cpe:2.3:a:asbru_software:asbru_web_content_management:6.1.19:*:*:*:*:*:*:*
Matching versions
Asbru Software » Asbru Website Manager » Version: 6.0.20
cpe:2.3:a:asbru_software:asbru_website_manager:6.0.20:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-5258

EPSS FAQ

1.30%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-5258

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P	4.9	6.4	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2006-5258

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2006-5258

http://wcm.asbrusoft.com/page.php/id=791

Patch
http://www.vupen.com/english/advisories/2006/4004

Vendor Advisory
http://secunia.com/advisories/22344

Patch;Vendor Advisory
http://www.securityfocus.com/bid/20544
http://www.vupen.com/english/advisories/2006/4060

Site en construction
Vendor Advisory
http://editor.asbrusoft.com/page.php/id=727
http://www.vupen.com/english/advisories/2006/4061

Vendor Advisory
http://secunia.com/advisories/22472

About Secunia Research | Flexera
Vendor Advisory
http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0306.html
http://secunia.com/advisories/22353

About Secunia Research | Flexera

Jump to

Vulnerability Details : CVE-2006-5258

Products affected by CVE-2006-5258

Exploit prediction scoring system (EPSS) score for CVE-2006-5258

CVSS scores for CVE-2006-5258

CWE ids for CVE-2006-5258

References for CVE-2006-5258