Static Code Injection Vulnerability in phpBook by eBook
CVE-2006-0075

Currently unrated

Key Information:

Vendor: Gnu
Status: PHPbook
Vendor: CVE Published:; 4 January 2006

Summary

A static code injection vulnerability exists in phpBook versions 1.3.2 and earlier, allowing remote attackers to execute arbitrary PHP code. This is achieved by exploiting the e-mail field in new messages, which improperly writes to a PHP file, potentially leading to unauthorized access and manipulation of server resources.

References

http://www.securityfocus.com/archive/1/420698/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://evuln.com/vulns/6/summary.html

x_refsource_MISC

http://secunia.com/advisories/18268

third-party-advisoryx_refsource_SECUNIA

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 4, 2006
Vulnerability Reserved
Jan 3, 2006