CVE-2006-5220

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/20406", "name": "20406", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt", "name": "http://advisories.echo.or.id/adv/adv48-theday-2006.txt", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://securitytracker.com/id?1017023", "name": "1017023", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/22336", "name": "22336", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/29643", "name": "29643", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29646", "name": "29646", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29644", "name": "29644", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29661", "name": "29661", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29662", "name": "29662", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.obdev.at/products/webyep/release-notes.html", "name": "http://www.obdev.at/products/webyep/release-notes.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/29645", "name": "29645", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29663", "name": "29663", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29647", "name": "29647", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29648", "name": "29648", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29649", "name": "29649", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29650", "name": "29650", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29651", "name": "29651", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29652", "name": "29652", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29653", "name": "29653", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29654", "name": "29654", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29655", "name": "29655", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29656", "name": "29656", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29657", "name": "29657", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29658", "name": "29658", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29659", "name": "29659", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/29660", "name": "29660", "tags": [], "refsource": "OSVDB"}, {"url": "http://securityreason.com/securityalert/1702", "name": "1702", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/3972", "name": "ADV-2006-3972", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29397", "name": "webyep-webyep-file-include(29397)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/2496", "name": "2496", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/archive/1/448009/100/0/threaded", "name": "20061009 [ECHO_ADV_48$2006] WebYep <= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5220", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-10-10T04:06Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:objective_development:webyep:1.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:41Z"}