CVE-2006-0628

critical

Description

myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24501

http://www.vupen.com/english/advisories/2006/0443

http://www.securityfocus.com/archive/1/424266/100/0/threaded

http://www.securityfocus.com/archive/1/423921/100/0/threaded

http://www.osvdb.org/22925

http://www.corantodemo.net/coranto/viewnews.cgi?id=EpApAAAVkyirPGThSf&style=dldetails

http://securityreason.com/securityalert/409

http://secunia.com/advisories/18737

http://attrition.org/pipermail/vim/2006-February/000537.html

Details

Source: Mitre, NVD

Published: 2006-02-10

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.056

Detections

Analytics