Static Code Injection Vulnerability in phpBook by eBook
CVE-2006-0075

Currently unrated

Key Information:

Vendor

Gnu
Status
PHPbook
Vendor
CVE Published:
4 January 2006

What is CVE-2006-0075?

A static code injection vulnerability exists in phpBook versions 1.3.2 and earlier, allowing remote attackers to execute arbitrary PHP code. This is achieved by exploiting the e-mail field in new messages, which improperly writes to a PHP file, potentially leading to unauthorized access and manipulation of server resources.

References

http://www.securityfocus.com/archive/1/420698/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://evuln.com/vulns/6/summary.html
x_refsource_MISC
http://secunia.com/advisories/18268
third-party-advisoryx_refsource_SECUNIA

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2006-0075 : Static Code Injection Vulnerability in phpBook by eBook