CVE-2006-6417 : PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b

PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.

Published 2006-12-10 11:28:00

Updated 2018-10-17 21:48:05

Source MITRE

View at NVD, CVE.org

Vulnerability category: File inclusion

Products affected by CVE-2006-6417

B2evolution » B2evolution » Version: 1.9 Beta
cpe:2.3:a:b2evolution:b2evolution:1.9_beta:*:*:*:*:*:*:*
Matching versions
B2evolution » B2evolution » Version: 1.8.5
cpe:2.3:a:b2evolution:b2evolution:1.8.5:*:*:*:*:*:*:*
Matching versions
B2evolution » B2evolution » Version: 1.9
cpe:2.3:a:b2evolution:b2evolution:1.9:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-6417

EPSS FAQ

3.94%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-6417

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-6417

Jump to

Vulnerability Details : CVE-2006-6417

Products affected by CVE-2006-6417

Exploit prediction scoring system (EPSS) score for CVE-2006-6417

CVSS scores for CVE-2006-6417

References for CVE-2006-6417