CVE-2006-5020

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-5020
Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://attrition.org/pipermail/vim/2007-January/001210.html
http://www.osvdb.org/31097
http://www.osvdb.org/31098
http://www.osvdb.org/31099
http://www.osvdb.org/31100
http://www.osvdb.org/31104
http://www.osvdb.org/31105
http://www.osvdb.org/31106
http://www.osvdb.org/31107
http://www.osvdb.org/31108
http://www.osvdb.org/31109
http://www.osvdb.org/31110
http://www.osvdb.org/31111
http://www.osvdb.org/31112
http://www.osvdb.org/31113
http://www.osvdb.org/31114
http://www.osvdb.org/31115
http://www.osvdb.org/31116
http://www.osvdb.org/31117
http://www.osvdb.org/31118
http://www.osvdb.org/31119
http://www.osvdb.org/31120
http://www.osvdb.org/31121
http://www.osvdb.org/31122
http://www.osvdb.org/31123
http://www.osvdb.org/31124
http://www.osvdb.org/31125
http://www.osvdb.org/31126
http://www.osvdb.org/31127
http://www.osvdb.org/31128
http://www.osvdb.org/31129
http://www.osvdb.org/31130
http://www.osvdb.org/31131
http://www.osvdb.org/31132
http://www.osvdb.org/31133
http://www.osvdb.org/31134
http://www.osvdb.org/31135
http://www.osvdb.org/31136
http://www.osvdb.org/31137
http://www.osvdb.org/31138
http://www.osvdb.org/31139
http://www.osvdb.org/31141
http://www.osvdb.org/31142
http://www.osvdb.org/31143
http://www.osvdb.org/31144
http://www.osvdb.org/31145
http://www.osvdb.org/31146
http://www.osvdb.org/31147
http://www.osvdb.org/31190
http://www.osvdb.org/31191
http://www.osvdb.org/31192
http://www.osvdb.org/31193
http://www.osvdb.org/31194
http://www.osvdb.org/31197
http://www.osvdb.org/31198
http://www.osvdb.org/31199
http://www.osvdb.org/31200
http://www.osvdb.org/31201
http://www.osvdb.org/31202
http://www.osvdb.org/31203
http://www.securityfocus.com/bid/21934
http://www.solid-state.org/index.php?name=PNphpBB2&file=portal&article=1
https://exchange.xforce.ibmcloud.com/vulnerabilities/29095
https://www.exploit-db.com/exploits/2413
http://attrition.org/pipermail/vim/2007-January/001210.html
http://www.osvdb.org/31097
http://www.osvdb.org/31098
http://www.osvdb.org/31099
http://www.osvdb.org/31100
http://www.osvdb.org/31104
http://www.osvdb.org/31105
http://www.osvdb.org/31106
http://www.osvdb.org/31107
http://www.osvdb.org/31108
http://www.osvdb.org/31109
http://www.osvdb.org/31110
http://www.osvdb.org/31111
http://www.osvdb.org/31112
http://www.osvdb.org/31113
http://www.osvdb.org/31114
http://www.osvdb.org/31115
http://www.osvdb.org/31116
http://www.osvdb.org/31117
http://www.osvdb.org/31118
http://www.osvdb.org/31119
http://www.osvdb.org/31120
http://www.osvdb.org/31121
http://www.osvdb.org/31122
http://www.osvdb.org/31123
http://www.osvdb.org/31124
http://www.osvdb.org/31125
http://www.osvdb.org/31126
http://www.osvdb.org/31127
http://www.osvdb.org/31128
http://www.osvdb.org/31129
http://www.osvdb.org/31130
http://www.osvdb.org/31131
http://www.osvdb.org/31132
http://www.osvdb.org/31133
http://www.osvdb.org/31134
http://www.osvdb.org/31135
http://www.osvdb.org/31136
http://www.osvdb.org/31137
http://www.osvdb.org/31138
http://www.osvdb.org/31139
http://www.osvdb.org/31141
http://www.osvdb.org/31142
http://www.osvdb.org/31143
http://www.osvdb.org/31144
http://www.osvdb.org/31145
http://www.osvdb.org/31146
http://www.osvdb.org/31147
http://www.osvdb.org/31190
http://www.osvdb.org/31191
http://www.osvdb.org/31192
http://www.osvdb.org/31193
http://www.osvdb.org/31194
http://www.osvdb.org/31197
http://www.osvdb.org/31198
http://www.osvdb.org/31199
http://www.osvdb.org/31200
http://www.osvdb.org/31201
http://www.osvdb.org/31202
http://www.osvdb.org/31203
http://www.securityfocus.com/bid/21934
http://www.solid-state.org/index.php?name=PNphpBB2&file=portal&article=1
https://exchange.xforce.ibmcloud.com/vulnerabilities/29095
https://www.exploit-db.com/exploits/2413
Configurations

Configuration 1 (hide)

cpe:2.3:a:solidstate:solidstate:*:*:*:*:*:*:*:*
History

21 Nov 2024, 00:17

Type Values Removed Values Added
References () http://attrition.org/pipermail/vim/2007-January/001210.html - () http://attrition.org/pipermail/vim/2007-January/001210.html -
References () http://www.osvdb.org/31097 - () http://www.osvdb.org/31097 -
References () http://www.osvdb.org/31098 - () http://www.osvdb.org/31098 -
References () http://www.osvdb.org/31099 - () http://www.osvdb.org/31099 -
References () http://www.osvdb.org/31100 - () http://www.osvdb.org/31100 -
References () http://www.osvdb.org/31104 - () http://www.osvdb.org/31104 -
References () http://www.osvdb.org/31105 - () http://www.osvdb.org/31105 -
References () http://www.osvdb.org/31106 - () http://www.osvdb.org/31106 -
References () http://www.osvdb.org/31107 - () http://www.osvdb.org/31107 -
References () http://www.osvdb.org/31108 - () http://www.osvdb.org/31108 -
References () http://www.osvdb.org/31109 - () http://www.osvdb.org/31109 -
References () http://www.osvdb.org/31110 - () http://www.osvdb.org/31110 -
References () http://www.osvdb.org/31111 - () http://www.osvdb.org/31111 -
References () http://www.osvdb.org/31112 - () http://www.osvdb.org/31112 -
References () http://www.osvdb.org/31113 - () http://www.osvdb.org/31113 -
References () http://www.osvdb.org/31114 - () http://www.osvdb.org/31114 -
References () http://www.osvdb.org/31115 - () http://www.osvdb.org/31115 -
References () http://www.osvdb.org/31116 - () http://www.osvdb.org/31116 -
References () http://www.osvdb.org/31117 - () http://www.osvdb.org/31117 -
References () http://www.osvdb.org/31118 - () http://www.osvdb.org/31118 -
References () http://www.osvdb.org/31119 - () http://www.osvdb.org/31119 -
References () http://www.osvdb.org/31120 - () http://www.osvdb.org/31120 -
References () http://www.osvdb.org/31121 - () http://www.osvdb.org/31121 -
References () http://www.osvdb.org/31122 - () http://www.osvdb.org/31122 -
References () http://www.osvdb.org/31123 - () http://www.osvdb.org/31123 -
References () http://www.osvdb.org/31124 - () http://www.osvdb.org/31124 -
References () http://www.osvdb.org/31125 - () http://www.osvdb.org/31125 -
References () http://www.osvdb.org/31126 - () http://www.osvdb.org/31126 -
References () http://www.osvdb.org/31127 - () http://www.osvdb.org/31127 -
References () http://www.osvdb.org/31128 - () http://www.osvdb.org/31128 -
References () http://www.osvdb.org/31129 - () http://www.osvdb.org/31129 -
References () http://www.osvdb.org/31130 - () http://www.osvdb.org/31130 -
References () http://www.osvdb.org/31131 - () http://www.osvdb.org/31131 -
References () http://www.osvdb.org/31132 - () http://www.osvdb.org/31132 -
References () http://www.osvdb.org/31133 - () http://www.osvdb.org/31133 -
References () http://www.osvdb.org/31134 - () http://www.osvdb.org/31134 -
References () http://www.osvdb.org/31135 - () http://www.osvdb.org/31135 -
References () http://www.osvdb.org/31136 - () http://www.osvdb.org/31136 -
References () http://www.osvdb.org/31137 - () http://www.osvdb.org/31137 -
References () http://www.osvdb.org/31138 - () http://www.osvdb.org/31138 -
References () http://www.osvdb.org/31139 - () http://www.osvdb.org/31139 -
References () http://www.osvdb.org/31141 - () http://www.osvdb.org/31141 -
References () http://www.osvdb.org/31142 - () http://www.osvdb.org/31142 -
References () http://www.osvdb.org/31143 - () http://www.osvdb.org/31143 -
References () http://www.osvdb.org/31144 - () http://www.osvdb.org/31144 -
References () http://www.osvdb.org/31145 - () http://www.osvdb.org/31145 -
References () http://www.osvdb.org/31146 - () http://www.osvdb.org/31146 -
References () http://www.osvdb.org/31147 - () http://www.osvdb.org/31147 -
References () http://www.osvdb.org/31190 - () http://www.osvdb.org/31190 -
References () http://www.osvdb.org/31191 - () http://www.osvdb.org/31191 -
References () http://www.osvdb.org/31192 - () http://www.osvdb.org/31192 -
References () http://www.osvdb.org/31193 - () http://www.osvdb.org/31193 -
References () http://www.osvdb.org/31194 - () http://www.osvdb.org/31194 -
References () http://www.osvdb.org/31197 - () http://www.osvdb.org/31197 -
References () http://www.osvdb.org/31198 - () http://www.osvdb.org/31198 -
References () http://www.osvdb.org/31199 - () http://www.osvdb.org/31199 -
References () http://www.osvdb.org/31200 - () http://www.osvdb.org/31200 -
References () http://www.osvdb.org/31201 - () http://www.osvdb.org/31201 -
References () http://www.osvdb.org/31202 - () http://www.osvdb.org/31202 -
References () http://www.osvdb.org/31203 - () http://www.osvdb.org/31203 -
References () http://www.securityfocus.com/bid/21934 - () http://www.securityfocus.com/bid/21934 -
References () http://www.solid-state.org/index.php?name=PNphpBB2&file=portal&article=1 - () http://www.solid-state.org/index.php?name=PNphpBB2&file=portal&article=1 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/29095 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/29095 -
References () https://www.exploit-db.com/exploits/2413 - () https://www.exploit-db.com/exploits/2413 -
Information

Published : 2006-09-27 23:07

Updated : 2024-11-21 00:17

NVD link : CVE-2006-5020

Mitre link : CVE-2006-5020

CVE.ORG link : CVE-2006-5020

JSON object : View

Products Affected

solidstate

  • solidstate
CWE
NVD-CWE-Other