CVE-2006-6852

high

Description

Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information.

References

http://www.vupen.com/english/advisories/2006/5201

http://www.tdiary.org/20061210.html

http://www.securityfocus.com/bid/21811

http://secunia.com/advisories/23465

http://jvn.jp/jp/JVN%2331185550/index.html

Details

Source: Mitre, NVD

Published: 2006-12-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00574