CVE-2006-3107 - OpenCVE

Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are different.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Docebo	Docebo

Configuration 1 [-]

cpe:2.3:a:docebo:docebo:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://securitytracker.com/id?1016259
http://www.osvdb.org/26707
http://www.osvdb.org/26708
http://www.osvdb.org/26709
https://exchange.xforce.ibmcloud.com/vulnerabilities/26633

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-06-21T01:00:00

Updated: 2024-08-07T18:16:05.681Z

Reserved: 2006-06-20T00:00:00

Link: CVE-2006-3107

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-06-21T01:02:00.000

Modified: 2017-07-20T01:32:02.990

Link: CVE-2006-3107

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-09T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are different."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26707", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26707"}, {"name": "docebo-multiple-file-include(26633)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26633"}, {"name": "26708", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26708"}, {"name": "1016259", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016259"}, {"name": "26709", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26709"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3107", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are different."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26707", "refsource": "OSVDB", "url": "http://www.osvdb.org/26707"}, {"name": "docebo-multiple-file-include(26633)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26633"}, {"name": "26708", "refsource": "OSVDB", "url": "http://www.osvdb.org/26708"}, {"name": "1016259", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016259"}, {"name": "26709", "refsource": "OSVDB", "url": "http://www.osvdb.org/26709"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:16:05.681Z"}, "title": "CVE Program Container", "references": [{"name": "26707", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26707"}, {"name": "docebo-multiple-file-include(26633)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26633"}, {"name": "26708", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26708"}, {"name": "1016259", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016259"}, {"name": "26709", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26709"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3107", "datePublished": "2006-06-21T01:00:00", "dateReserved": "2006-06-20T00:00:00", "dateUpdated": "2024-08-07T18:16:05.681Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docebo:docebo:*:*:*:*:*:*:*:*", "matchCriteriaId": "62D76E7D-45D9-43ED-8536-73F27E2533CE", "versionEndIncluding": "3.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are different."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades PHP de inclusi\u00f3n remota de archivo en Docebo v3.0.3 y versiones anteriores, cuando register_globals est\u00e1 habilitado, que permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de una URL en (1) GLOBALS [where_framework] para (a) admin / modules / news / news_class. php y (b) admin / modules / content / content_class.php, y (2) GLOBALS [where_cms] a (c) admin / modules / block_media / util.media.php. NOTA: este problema puede ser el resultado de una vulnerabilidad de sobreescritura de \u00e1mbito global. Este problema es similar a CVE-2006-2576, pero los vectores de ataque son diferentes."}], "id": "CVE-2006-3107", "lastModified": "2017-07-20T01:32:02.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-21T01:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1016259"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26707"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26708"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26709"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26633"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}