CVE-2006-0075

Currently unrated

Key Information:

Vendor: Gnu
Status: PHPbook
Vendor: CVE Published:; 4 January 2006

Summary

Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file.

References

http://www.securityfocus.com/archive/1/420698/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://evuln.com/vulns/6/summary.html

x_refsource_MISC

http://secunia.com/advisories/18268

third-party-advisoryx_refsource_SECUNIA

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 4, 2006
Vulnerability Reserved
Jan 3, 2006