CVE-2006-2685

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
31/05/2006
Last modified:
03/04/2025

Description

PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:kevin_johnson:basic_analysis_and_security_engine:1.2.4:*:*:*:*:*:*:*