CVE-2006-1584

Unspecified vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to fopen function calls or file uploads. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/429535/100/0/threaded
http://www.securityfocus.com/bid/17334
https://exchange.xforce.ibmcloud.com/vulnerabilities/25686
http://www.securityfocus.com/archive/1/429535/100/0/threaded
http://www.securityfocus.com/bid/17334
https://exchange.xforce.ibmcloud.com/vulnerabilities/25686

Configurations

Configuration 1 (hide)

cpe:2.3:a:juliusz_julas_gonera:warcraft_iii_replay_parser_php:1.8c:*:*:*:*:*:*:*

History

21 Nov 2024, 00:09

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/archive/1/429535/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/429535/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/17334 -~~	() http://www.securityfocus.com/bid/17334 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/25686 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/25686 -

Information

Published : 2006-04-02 21:04

Updated : 2025-04-03 01:03

NVD link : CVE-2006-1584

Mitre link : CVE-2006-1584

CVE.ORG link : CVE-2006-1584

JSON object : View

Products Affected

juliusz_julas_gonera

warcraft_iii_replay_parser_php

CWE

NVD-CWE-Other

{"id": "CVE-2006-1584", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-04-02T21:04:00.000", "references": [{"url": "http://www.securityfocus.com/archive/1/429535/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17334", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25686", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/429535/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/17334", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25686", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to fopen function calls or file uploads. NOTE: post-disclosure analysis by CVE suggests that the \"page\" parameter is not used in this product, and \"id\" might be the affected parameter."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:juliusz_julas_gonera:warcraft_iii_replay_parser_php:1.8c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75A2D351-B312-45A1-B231-6EAA9B2BED7B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.4 /10