CVE-2006-1032

Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/19028
http://secunia.com/advisories/19058
http://securityreason.com/securityalert/502
http://securitytracker.com/id?1015691
http://www.gulftech.org/?node=research&article_id=00105-02262006	Vendor Advisory
http://www.securityfocus.com/archive/1/426193	Vendor Advisory
http://www.securityfocus.com/bid/16833
http://www.vupen.com/english/advisories/2006/0745

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:phprpc:phprpc:0.7:::::::*
	cpe:2.3:a:phprpc:phprpc:0.8:::::::*
	cpe:2.3:a:phprpc:phprpc:0.9:::::::*

History

No history.

Information

Published : 2006-03-07 11:02

Updated : 2024-02-04 16:52

NVD link : CVE-2006-1032

Mitre link : CVE-2006-1032

CVE.ORG link : CVE-2006-1032

JSON object : View

Products Affected

phprpc

phprpc

CWE

NVD-CWE-Other

{"id": "CVE-2006-1032", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-03-07T11:02:00.000", "references": [{"url": "http://secunia.com/advisories/19028", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19058", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/502", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015691", "source": "cve@mitre.org"}, {"url": "http://www.gulftech.org/?node=research&article_id=00105-02262006", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/426193", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/16833", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0745", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag."}], "lastModified": "2011-03-08T02:31:45.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phprpc:phprpc:0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F393D44E-83A8-4F0B-A90E-76173FD14D8C"}, {"criteria": "cpe:2.3:a:phprpc:phprpc:0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7C23ACA-9DA3-4F2C-AE31-4F8332EFCC11"}, {"criteria": "cpe:2.3:a:phprpc:phprpc:0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F283638E-2EEF-400F-93D7-7767F2347AC4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}