CVE-2006-0824

critical

Description

Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log.

References

http://www.vupen.com/english/advisories/2006/0661

http://www.securityfocus.com/bid/16755

http://www.securityfocus.com/archive/1/425506/100/0/threaded

http://www.osvdb.org/23349

http://www.gulftech.org/?node=research&article_id=00102-02192006

http://www.geeklog.net/article.php/geeklog-1.4.0sr1

http://secunia.com/advisories/18920

Details

Source: Mitre, NVD

Published: 2006-02-21

Updated: 2018-10-18

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical