CVE-2006-6863 : PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote att

PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value

Published 2006-12-31 05:00:00

Updated 2024-04-11 00:41:28

Source MITRE

View at NVD, CVE.org

Vulnerability category: File inclusion

Exploit prediction scoring system (EPSS) score for CVE-2006-6863

Probability of exploitation activity in the next 30 days: 15.33%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-6863

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2006-6863

http://www.attrition.org/pipermail/vim/2007-January/001207.html

[VIM] CVE dispute of Enigma WordPress RFI
http://www.securityfocus.com/archive/1/455555/100/0/threaded
http://securityreason.com/securityalert/2093

Enigma WordPress Bridge (boarddir) Remote File Include - CXSecurity.com
http://www.securityfocus.com/bid/21826

Exploit
http://securitytracker.com/id?017459

securitytracker.com
https://www.exploit-db.com/exploits/3051

WordPress Plugin Enigma 2 Bridge - 'boarddir' Remote File Inclusion - PHP webapps Exploit

Products affected by CVE-2006-6863

Enigma » Wordpress Bridge
cpe:2.3:a:enigma:wordpress_bridge:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-6863

Exploit prediction scoring system (EPSS) score for CVE-2006-6863

CVSS scores for CVE-2006-6863

References for CVE-2006-6863

Products affected by CVE-2006-6863