CVE-2006-5432 - Vulnerability Details - OpenCVE

Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.11826.

Key SSVC decision points have not yet been added.

Vendors	Products
Marc Giombetti	Phppowercards

Configuration 1 [-]

cpe:2.3:a:marc_giombetti:phppowercards:2.10:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/22471
http://www.osvdb.org/29840
http://www.securityfocus.com/bid/20620
http://www.vupen.com/english/advisories/2006/4105
https://exchange.xforce.ibmcloud.com/vulnerabilities/29669
https://www.exploit-db.com/exploits/2590

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-10-20T23:00:00

Updated: 2024-08-07T19:48:30.202Z

Reserved: 2006-10-20T00:00:00

Link: CVE-2006-5432

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-10-20T23:07:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-5432

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-18T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20620", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20620"}, {"name": "ADV-2006-4105", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4105"}, {"name": "phppowercards-txt-code-execution(29669)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29669"}, {"name": "29840", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29840"}, {"name": "2590", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/2590"}, {"name": "22471", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22471"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5432", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20620", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20620"}, {"name": "ADV-2006-4105", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4105"}, {"name": "phppowercards-txt-code-execution(29669)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29669"}, {"name": "29840", "refsource": "OSVDB", "url": "http://www.osvdb.org/29840"}, {"name": "2590", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2590"}, {"name": "22471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22471"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:48:30.202Z"}, "title": "CVE Program Container", "references": [{"name": "20620", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20620"}, {"name": "ADV-2006-4105", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4105"}, {"name": "phppowercards-txt-code-execution(29669)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29669"}, {"name": "29840", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/29840"}, {"name": "2590", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/2590"}, {"name": "22471", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22471"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5432", "datePublished": "2006-10-20T23:00:00", "dateReserved": "2006-10-20T00:00:00", "dateUpdated": "2024-08-07T19:48:30.202Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:marc_giombetti:phppowercards:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "8E6444D8-3351-4A60-A320-675E16132471", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de c\u00f3digo est\u00e1tico directo en db/txt.inc.php en phpPowerCards 2.10, cuando register_globals est\u00e1 habilitado, permite a un atacante remoto crear o sobreescribir archivos de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, o (7) sessionID, como se demostr\u00f3 con la creaci\u00f3n de un nuevo archivo .php que permite la inclusi\u00f3n de archivos remotos, y la respuesta de este archivo."}], "id": "CVE-2006-5432", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-10-20T23:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22471"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29840"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/20620"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4105"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29669"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2590"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/29840"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/20620"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/2590"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}