CVE-2006-0887
Gravedad CVSS v2.0:
ALTA
Tipo:
CWE-94
Control incorrecto de generación de código (Inyección de código)
Fecha de publicación:
25/02/2006
Última modificación:
03/04/2025
Descripción
*** Pendiente de traducción *** Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory.
Impacto
Puntuación base 2.0
7.50
Gravedad 2.0
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:phplib_team:phplib:7.4:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://secunia.com/advisories/16902
- http://securitytracker.com/id?1016123=
- http://sourceforge.net/project/shownotes.php?group_id=31885&release_id=396091
- http://www.gulftech.org/?node=research&article_id=00107-03052006
- http://www.osvdb.org/23466
- http://www.securityfocus.com/bid/16801
- http://www.vupen.com/english/advisories/2006/0720
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24873
- http://secunia.com/advisories/16902
- http://securitytracker.com/id?1016123=
- http://sourceforge.net/project/shownotes.php?group_id=31885&release_id=396091
- http://www.gulftech.org/?node=research&article_id=00107-03052006
- http://www.osvdb.org/23466
- http://www.securityfocus.com/bid/16801
- http://www.vupen.com/english/advisories/2006/0720
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24873