CVE-2006-2009 - OpenCVE

PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda 3.0 Final and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpmyagenda	Phpmyagenda

Configuration 1 [-]

cpe:2.3:a:phpmyagenda:phpmyagenda:3.0_final:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://downloads.securityfocus.com/vulnerabilities/exploits/phpMyAgenda_fi.txt
http://osvdb.org/ref/29/2914x-phpmyagenda.txt
http://secunia.com/advisories/19748
http://securityreason.com/securityalert/787
http://securitytracker.com/id?1015984
http://www.osvdb.org/24943
http://www.securityfocus.com/archive/1/431862/100/0/threaded
http://www.securityfocus.com/archive/1/433995/100/0/threaded
http://www.securityfocus.com/bid/17670
http://www.vupen.com/english/advisories/2006/1509
https://exchange.xforce.ibmcloud.com/vulnerabilities/26062

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-04-25T10:00:00

Updated: 2024-08-07T17:35:31.179Z

Reserved: 2006-04-25T00:00:00

Link: CVE-2006-2009

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-04-25T12:50:00.000

Modified: 2018-10-18T16:37:39.083

Link: CVE-2006-2009

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-24T00:00:00", "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda 3.0 Final and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "17670", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17670"}, {"name": "24943", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24943"}, {"name": "20060515 tyree[at]users.sourceforge.net", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/433995/100/0/threaded"}, {"name": "787", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/787"}, {"name": "ADV-2006-1509", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1509"}, {"name": "phpmyagenda-rootagenda-file-include(26062)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26062"}, {"name": "1015984", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015984"}, {"tags": ["x_refsource_MISC"], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/phpMyAgenda_fi.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://osvdb.org/ref/29/2914x-phpmyagenda.txt"}, {"name": "19748", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19748"}, {"name": "20060424 [MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/431862/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2009", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda 3.0 Final and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17670", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17670"}, {"name": "24943", "refsource": "OSVDB", "url": "http://www.osvdb.org/24943"}, {"name": "20060515 tyree[at]users.sourceforge.net", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/433995/100/0/threaded"}, {"name": "787", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/787"}, {"name": "ADV-2006-1509", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1509"}, {"name": "phpmyagenda-rootagenda-file-include(26062)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26062"}, {"name": "1015984", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015984"}, {"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/phpMyAgenda_fi.txt", "refsource": "MISC", "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/phpMyAgenda_fi.txt"}, {"name": "http://osvdb.org/ref/29/2914x-phpmyagenda.txt", "refsource": "MISC", "url": "http://osvdb.org/ref/29/2914x-phpmyagenda.txt"}, {"name": "19748", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19748"}, {"name": "20060424 [MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431862/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:35:31.179Z"}, "title": "CVE Program Container", "references": [{"name": "17670", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17670"}, {"name": "24943", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24943"}, {"name": "20060515 tyree[at]users.sourceforge.net", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/433995/100/0/threaded"}, {"name": "787", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/787"}, {"name": "ADV-2006-1509", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1509"}, {"name": "phpmyagenda-rootagenda-file-include(26062)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26062"}, {"name": "1015984", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015984"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/phpMyAgenda_fi.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://osvdb.org/ref/29/2914x-phpmyagenda.txt"}, {"name": "19748", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19748"}, {"name": "20060424 [MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/431862/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2009", "datePublished": "2006-04-25T10:00:00", "dateReserved": "2006-04-25T00:00:00", "dateUpdated": "2024-08-07T17:35:31.179Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpmyagenda:phpmyagenda:3.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "C55312CD-0E00-4398-AFAC-E583A4F1F03D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda 3.0 Final and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter."}], "id": "CVE-2006-2009", "lastModified": "2018-10-18T16:37:39.083", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-04-25T12:50:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/phpMyAgenda_fi.txt"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/ref/29/2914x-phpmyagenda.txt"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/19748"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/787"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015984"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24943"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431862/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/433995/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/17670"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1509"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26062"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}