CVE-2006-7006 : PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers

PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability because the checkauth parameter is only used in conditionals

Published 2007-02-12 23:28:00

Updated 2024-04-11 00:41:30

Source MITRE

View at NVD, CVE.org

Vulnerability category: File inclusion

Exploit prediction scoring system (EPSS) score for CVE-2006-7006

Probability of exploitation activity in the next 30 days: 1.37%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-7006

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-7006

http://archives.neohapsis.com/archives/bugtraq/2006-06/0242.html
http://www.osvdb.org/27662

404 Not Found
http://packetstorm.linuxsecurity.com/0606-exploits/Somery.txt
http://www.attrition.org/pipermail/vim/2007-February/001305.html

[VIM] CVE dispute - old Somery team.php RFI
http://www.root-security.org/danger/Somery.txt

Exploit;URL Repurposed
http://www.securityfocus.com/bid/18412

Products affected by CVE-2006-7006

Robin De Graff » Somery » Version: 0.4.4
cpe:2.3:a:robin_de_graff:somery:0.4.4:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-7006

Exploit prediction scoring system (EPSS) score for CVE-2006-7006

CVSS scores for CVE-2006-7006

References for CVE-2006-7006

Products affected by CVE-2006-7006