CVE-2006-4428 - Vulnerability Details - OpenCVE

PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.07331.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Jupiter Cms Subscribe	Jupiter Cms Subscribe

Configuration 1 [-]

cpe:2.3:a:jupiter_cms:jupiter_cms:1.1.5:*:*:*:*:*:*:*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.attrition.org/pipermail/vim/2006-August/000996.html
http://www.osvdb.org/28298
http://www.securityfocus.com/archive/1/444421/100/0/threaded
http://www.securityfocus.com/archive/1/444729/100/0/threaded
http://www.securityfocus.com/bid/19721
https://exchange.xforce.ibmcloud.com/vulnerabilities/28589

History

Fri, 17 Jan 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-29T00:00:00

Updated: 2025-01-17T14:01:42.279Z

Reserved: 2006-08-28T00:00:00

Link: CVE-2006-4428

Vulnrichment

Updated: 2024-08-07T19:06:07.753Z

NVD

Status : Deferred

Published: 2006-08-29T00:04:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-4428

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-25T00:00:00", "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060825 Jupiter CMS 1.1.5 index.php Remote File Include", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/444421/100/0/threaded"}, {"name": "28298", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28298"}, {"name": "20060829 Re: Jupiter CMS 1.1.5 index.php Remote File Include", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/444729/100/0/threaded"}, {"name": "20060828 Jupiter CMS file include - CVE dispute", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2006-August/000996.html"}, {"name": "jupitercm-index-file-include(28589)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28589"}, {"name": "19721", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19721"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4428", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060825 Jupiter CMS 1.1.5 index.php Remote File Include", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444421/100/0/threaded"}, {"name": "28298", "refsource": "OSVDB", "url": "http://www.osvdb.org/28298"}, {"name": "20060829 Re: Jupiter CMS 1.1.5 index.php Remote File Include", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444729/100/0/threaded"}, {"name": "20060828 Jupiter CMS file include - CVE dispute", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2006-August/000996.html"}, {"name": "jupitercm-index-file-include(28589)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28589"}, {"name": "19721", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19721"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:06:07.753Z"}, "title": "CVE Program Container", "references": [{"name": "20060825 Jupiter CMS 1.1.5 index.php Remote File Include", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/444421/100/0/threaded"}, {"name": "28298", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28298"}, {"name": "20060829 Re: Jupiter CMS 1.1.5 index.php Remote File Include", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/444729/100/0/threaded"}, {"name": "20060828 Jupiter CMS file include - CVE dispute", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2006-August/000996.html"}, {"name": "jupitercm-index-file-include(28589)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28589"}, {"name": "19721", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19721"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-17T14:01:37.355489Z", "id": "CVE-2006-4428", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-17T14:01:42.279Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4428", "datePublished": "2006-08-29T00:00:00", "dateReserved": "2006-08-28T00:00:00", "dateUpdated": "2025-01-17T14:01:42.279Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.securityfocus.com/archive/1/444421/100/0/threaded", "name": "20060825 Jupiter CMS 1.1.5 index.php Remote File Include", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "http://www.osvdb.org/28298", "name": "28298", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"]}, {"url": "http://www.securityfocus.com/archive/1/444729/100/0/threaded", "name": "20060829 Re: Jupiter CMS 1.1.5 index.php Remote File Include", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "http://www.attrition.org/pipermail/vim/2006-August/000996.html", "name": "20060828 Jupiter CMS file include - CVE dispute", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28589", "name": "jupitercm-index-file-include(28589)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/19721", "name": "19721", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:06:07.753Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2006-4428", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-17T14:01:37.355489Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-17T14:01:18.199Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-25T00:00:00", "references": [{"url": "http://www.securityfocus.com/archive/1/444421/100/0/threaded", "name": "20060825 Jupiter CMS 1.1.5 index.php Remote File Include", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "http://www.osvdb.org/28298", "name": "28298", "tags": ["vdb-entry", "x_refsource_OSVDB"]}, {"url": "http://www.securityfocus.com/archive/1/444729/100/0/threaded", "name": "20060829 Re: Jupiter CMS 1.1.5 index.php Remote File Include", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "http://www.attrition.org/pipermail/vim/2006-August/000996.html", "name": "20060828 Jupiter CMS file include - CVE dispute", "tags": ["mailing-list", "x_refsource_VIM"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28589", "name": "jupitercm-index-file-include(28589)", "tags": ["vdb-entry", "x_refsource_XF"]}, {"url": "http://www.securityfocus.com/bid/19721", "name": "19721", "tags": ["vdb-entry", "x_refsource_BID"]}], "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2018-10-17T20:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/444421/100/0/threaded", "name": "20060825 Jupiter CMS 1.1.5 index.php Remote File Include", "refsource": "BUGTRAQ"}, {"url": "http://www.osvdb.org/28298", "name": "28298", "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/archive/1/444729/100/0/threaded", "name": "20060829 Re: Jupiter CMS 1.1.5 index.php Remote File Include", "refsource": "BUGTRAQ"}, {"url": "http://www.attrition.org/pipermail/vim/2006-August/000996.html", "name": "20060828 Jupiter CMS file include - CVE dispute", "refsource": "VIM"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28589", "name": "jupitercm-index-file-include(28589)", "refsource": "XF"}, {"url": "http://www.securityfocus.com/bid/19721", "name": "19721", "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4428", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2006-4428", "state": "PUBLISHED", "dateUpdated": "2025-01-17T14:01:42.279Z", "dateReserved": "2006-08-28T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2006-08-29T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jupiter_cms:jupiter_cms:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "EB372559-61D8-4E8D-9ED2-DB7F211E8C78", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement"}, {"lang": "es", "value": "** IMPUGNADA ** Vulnerabilidad de inclusi\u00f3n remota de archivo en index.php en Jupiter CMS 1.1.5 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro template. NOTA: CVE impugna esta afirmaci\u00f3n, ya que la variable $template est\u00e1 definida como un valor constante antes de que se la haga referencia en una sentencia include."}], "id": "CVE-2006-4428", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2006-08-29T00:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2006-August/000996.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28298"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444421/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444729/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/19721"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28589"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.attrition.org/pipermail/vim/2006-August/000996.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28298"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444421/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444729/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/19721"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28589"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}