CVE-2006-1032

Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/archive/1/426193	Vendor Advisory
http://www.gulftech.org/?node=research&article_id=00105-02262006	Vendor Advisory
http://www.securityfocus.com/bid/16833
http://securitytracker.com/id?1015691
http://secunia.com/advisories/19028
http://secunia.com/advisories/19058
http://securityreason.com/securityalert/502
http://www.vupen.com/english/advisories/2006/0745

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:phprpc:phprpc:0.8:::::::*
	cpe:2.3:a:phprpc:phprpc:0.9:::::::*
	cpe:2.3:a:phprpc:phprpc:0.7:::::::*

Information

Published : 2006-03-07 03:02

Updated : 2011-03-07 18:31

NVD link : CVE-2006-1032

Mitre link : CVE-2006-1032

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

phprpc

phprpc

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/426193", "name": "20060226 phpRPC Library Remote Code Execution", "tags": ["Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.gulftech.org/?node=research&article_id=00105-02262006", "name": "http://www.gulftech.org/?node=research&article_id=00105-02262006", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/16833", "name": "16833", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1015691", "name": "1015691", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/19028", "name": "19028", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/19058", "name": "19058", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/502", "name": "502", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/0745", "name": "ADV-2006-0745", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1032", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-03-07T11:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:phprpc:phprpc:0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phprpc:phprpc:0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phprpc:phprpc:0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:31Z"}