CVE-2006-3193

{"id": "CVE-2006-3193", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-06-23T00:02:00.000", "references": [{"url": "http://secunia.com/advisories/20768", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=428062", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27233", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27234", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27235", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27236", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27237", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27238", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27239", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27240", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27241", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27242", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27243", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27244", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27245", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27246", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27247", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27248", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27249", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27250", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27251", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27252", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18555", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2462", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/1933", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inclusi\u00f3n remota de ficheros PHP en Grayscale BandSite CMS v1.1.1, cuando register_globals esta habilitado, permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de una URL en el par\u00e1metro root_path en (1) includes/content/contact_content.php; multiples archivos en adminpanel/includes/add_forms/ incluyendo (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, y (20) adminpanel/includes/mailinglist/dispxls.php."}], "lastModified": "2017-10-19T01:29:11.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:grayscale:bandsite_cms:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BD740CC-4C44-41C9-9E04-9795A0332E68"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}