CVE-2006-0940

critical

Description

Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24897

http://www.vupen.com/english/advisories/2006/0755

http://www.securityfocus.com/bid/16857

http://www.securityfocus.com/archive/1/426985/100/0/threaded

http://www.osvdb.org/23482

http://securityreason.com/securityalert/557

http://secunia.com/advisories/19047

http://evuln.com/vulns/87/summary.html

Details

Source: Mitre, NVD

Published: 2006-03-01

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.12698

Detections

Analytics