CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2006-7019
https://notcve.org/view.php?id=CVE-2006-7019
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. phpwcms 1.2.5-DEV y anteriores, y 1.1 anterior a RC4, permite a atacantes remotos ejecutar código de su elección a través de argumentos manipulados en los parámetros (1) text_evento y (2) email_eventonome_evento en phpwcms_code_snippets/mail_file_form.php y sample_ext_php/mail_file_form.php, lo cual es procesado por la función render_PHPcode. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos a partir de la información de terceros. • http://secunia.com/advisories/19866 http://www.phpwcms.de/forum/viewtopic.php?t=10958 http://www.vupen.com/english/advisories/2006/1556 https://exchange.xforce.ibmcloud.com/vulnerabilities/26126 •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 0CVE-2006-7018
https://notcve.org/view.php?id=CVE-2006-7018
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. phpwcms 1.2.5-DEV y anteriores, y 1.1 anterior a RC4, permite a atacantes remotos ejecutar código de su elección a través de argumentos manipulados en el parámetro nome_evento en phpwcms_code_snippets/mail_file_form.php y (2) sample_ext_php/mail_file_form.php, lo cual es procesado por la función render_PHPcode. • http://secunia.com/advisories/19866 http://www.phpwcms.de/forum/viewtopic.php?t=10958 http://www.vupen.com/english/advisories/2006/1556 https://exchange.xforce.ibmcloud.com/vulnerabilities/26126 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-7020
https://notcve.org/view.php?id=CVE-2006-7020
CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER). Vulnerabilidad de inyección CRLF (CR (retorno de carro) y LF (salto de línea)) en el (1) include/inc_act/act_formmailer.php y, posiblemente, en (2) sample_ext_php/mail_file_form.php del phpwcms 1.2.5-DEV y versiones anteriores y en el 1.1. anterior al RC4, permite a atacantes remotos modificar cabeceras HTTP y enviar correos de spam suplantando una referencia HTTP (HTTP_REFERER). • http://secunia.com/advisories/19866 http://www.phpwcms.de/forum/viewtopic.php?t=10958 http://www.vupen.com/english/advisories/2006/1556 https://exchange.xforce.ibmcloud.com/vulnerabilities/26130 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 2CVE-2006-6886
https://notcve.org/view.php?id=CVE-2006-6886
phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages. phpwcms 1.2.5-DEV permite a un atacante remoto obtener información sensible a través de una respuesta directa para (1) files.public-userroot.inc.php o (2) files.private.additions.inc.php en include/inc_lib/, lo cual revela la ruta en varios mensajes de error. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0423.html http://www.kapda.ir/advisory-331.html http://www.osvdb.org/25752 http://www.osvdb.org/25753 http://www.vupen.com/english/advisories/2006/1934 https://exchange.xforce.ibmcloud.com/vulnerabilities/26637 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.6EPSS: 2%CPEs: 1EXPL: 1CVE-2006-2519
https://notcve.org/view.php?id=CVE-2006-2519
Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition. • http://secunia.com/advisories/20239 http://securityreason.com/securityalert/939 http://www.kapda.ir/advisory-331.html http://www.osvdb.org/25756 http://www.securityfocus.com/archive/1/434706/100/0/threaded http://www.securityfocus.com/bid/18062 http://www.vupen.com/english/advisories/2006/1934 https://exchange.xforce.ibmcloud.com/vulnerabilities/26639 •