CVE-2006-6975 - OpenCVE

PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Centipaid	Centipaid

Configuration 1 [-]

cpe:2.3:a:centipaid:centipaid:1.4.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2006-10/0472.html
http://archives.neohapsis.com/archives/bugtraq/2006-10/0494.html
http://archives.neohapsis.com/archives/bugtraq/2006-10/0499.html
http://www.osvdb.org/31638

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-08T17:00:00Z

Updated: 2024-09-17T00:30:43.827Z

Reserved: 2007-02-08T00:00:00Z

Link: CVE-2006-6975

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-02-08T17:28:00.000

Modified: 2024-08-07T21:15:38.217

Link: CVE-2006-6975

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-02-08T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20061030 Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0494.html"}, {"name": "20061028 CentiPaid <= 1.4.2 [$class_pwd] Remote File Include", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0472.html"}, {"name": "20061030 Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0499.html"}, {"name": "31638", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/31638"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6975", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20061030 Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0494.html"}, {"name": "20061028 CentiPaid <= 1.4.2 [$class_pwd] Remote File Include", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0472.html"}, {"name": "20061030 Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0499.html"}, {"name": "31638", "refsource": "OSVDB", "url": "http://www.osvdb.org/31638"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:50:05.959Z"}, "title": "CVE Program Container", "references": [{"name": "20061030 Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0494.html"}, {"name": "20061028 CentiPaid <= 1.4.2 [$class_pwd] Remote File Include", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0472.html"}, {"name": "20061030 Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0499.html"}, {"name": "31638", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/31638"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6975", "datePublished": "2007-02-08T17:00:00Z", "dateReserved": "2007-02-08T00:00:00Z", "dateUpdated": "2024-09-17T00:30:43.827Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:centipaid:centipaid:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "2CA9B97F-54AE-4D2A-8D86-AD1604F2C3AD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement"}, {"lang": "es", "value": "** IMPUGNADO ** Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en centipaid_class.php de CentiPaid 1.4.3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una URL en el par\u00e1metro class_pwd.\r\nNOTA: Esta vulnerabilidad ha sido impugnada por CVE y m\u00faltiples terceras partes, que indican que a $class_pwd se le asigna un valor est\u00e1tico anteriormente a la sentencia \"include\" pertinente."}], "evaluatorImpact": "This is not exploitable.", "id": "CVE-2006-6975", "lastModified": "2024-08-07T21:15:38.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-08T17:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0472.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0494.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0499.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/31638"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}