NVD

CVE-2006-3172 Detail

Deferred

This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.

Current Description

Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash (/) character in the (1) lang_path parameter to (a) cms/plugins/col_man/column.inc.php, (b) cms/plugins/poll/poll.inc.php, (c) cms/plugins/user_managment/usrPortrait.inc.php, (d) cms/plugins/user_managment/user.inc.php, (e) cms/plugins/media_manager/media.inc.php, (f) cms/plugins/events/permanent.eventMonth.inc.php, (g) cms/plugins/events/events.inc.php, and (h) cms/plugins/newsletter2/newsletter.inc.php; (2) path[cb] parameter to (i) modules/guestbook/guestbook.inc.php, (j) modules/shoutbox/shoutBox.php, and (k) modules/sitemap/sitemap.inc.php; and the (3) rel parameter to (l) modules/download/overview.inc.php, (m) modules/download/detailView.inc.php, (n) modules/article/fullarticle.inc.php, (o) modules/article/comments.inc.php, (p) modules/article2/overview.inc.php, (q) modules/article2/fullarticle.inc.php, (r) modules/article2/comments.inc.php, (s) modules/headline/headlineBox.php, and (t) modules/headline/showHeadline.inc.php.

View Analysis Description

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 7.5 HIGH

Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
http://marc.info/?l=bugtraq&m=115016951316696&w=2	CVE, MITRE
http://secunia.com/advisories/20557	CVE, MITRE	Exploit Vendor Advisory
http://www.osvdb.org/26344	CVE, MITRE	Exploit
http://www.osvdb.org/26345	CVE, MITRE	Exploit
http://www.osvdb.org/26346	CVE, MITRE	Exploit
http://www.osvdb.org/26347	CVE, MITRE	Exploit
http://www.osvdb.org/26348	CVE, MITRE	Exploit
http://www.osvdb.org/26349	CVE, MITRE	Exploit
http://www.osvdb.org/26350	CVE, MITRE	Exploit
http://www.osvdb.org/26351	CVE, MITRE	Exploit
http://www.osvdb.org/26352	CVE, MITRE	Exploit
http://www.osvdb.org/26353	CVE, MITRE	Exploit
http://www.osvdb.org/26354	CVE, MITRE	Exploit
http://www.osvdb.org/26355	CVE, MITRE	Exploit
http://www.osvdb.org/26356	CVE, MITRE	Exploit
http://www.osvdb.org/26357	CVE, MITRE	Exploit
http://www.osvdb.org/26358	CVE, MITRE	Exploit
http://www.osvdb.org/26359	CVE, MITRE	Exploit
http://www.osvdb.org/26360	CVE, MITRE	Exploit
http://www.osvdb.org/26361	CVE, MITRE	Exploit
http://www.osvdb.org/26362	CVE, MITRE	Exploit
http://www.osvdb.org/26363	CVE, MITRE	Exploit
http://www.securityfocus.com/bid/18404	CVE, MITRE	Exploit
http://www.vupen.com/english/advisories/2006/2300	CVE, MITRE	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27044	CVE, MITRE

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-94	Improper Control of Generation of Code ('Code Injection')	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

7 change records found show changes

CVE Modified by CVE 11/20/2024 7:12:59 PM

Action	Type	New Value
Added	Reference	http://marc.info/?l=bugtraq&m=115016951316696&w=2
Added	Reference	http://secunia.com/advisories/20557
Added	Reference	http://www.osvdb.org/26344
Added	Reference	http://www.osvdb.org/26345
Added	Reference	http://www.osvdb.org/26346
Added	Reference	http://www.osvdb.org/26347
Added	Reference	http://www.osvdb.org/26348
Added	Reference	http://www.osvdb.org/26349
Added	Reference	http://www.osvdb.org/26350
Added	Reference	http://www.osvdb.org/26351
Added	Reference	http://www.osvdb.org/26352
Added	Reference	http://www.osvdb.org/26353
Added	Reference	http://www.osvdb.org/26354
Added	Reference	http://www.osvdb.org/26355
Added	Reference	http://www.osvdb.org/26356
Added	Reference	http://www.osvdb.org/26357
Added	Reference	http://www.osvdb.org/26358
Added	Reference	http://www.osvdb.org/26359
Added	Reference	http://www.osvdb.org/26360
Added	Reference	http://www.osvdb.org/26361
Added	Reference	http://www.osvdb.org/26362
Added	Reference	http://www.osvdb.org/26363
Added	Reference	http://www.securityfocus.com/bid/18404
Added	Reference	http://www.vupen.com/english/advisories/2006/2300
Added	Reference	https://exchange.xforce.ibmcloud.com/vulnerabilities/27044

CVE Modified by MITRE 12/06/2016 9:59:14 PM

Action

Type

Old Value

New Value

Changed

Description

Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash (/) character in the (1) lang_path parameter to (a) cms/plugins/col_man/column.inc.php, (b) cms/plugins/poll/poll.inc.php, (c) cms/plugins/user_managment/usrPortrait.inc.php, (d) cms/plugins/user_managment/user.inc.php, (e) cms/plugins/media_manager/media.inc.php, (f) cms/plugins/events/permanent.eventMonth.inc.php, (g) cms/plugins/events/events.inc.php, and (h) cms/plugins/newsletter2/newsletter.inc.php; (2) path[cb] paramter to (i) modules/guestbook/guestbook.inc.php, (j) modules/shoutbox/shoutBox.php, and (k) modules/sitemap/sitemap.inc.php; and the (3) rel parameter to (l) modules/download/overview.inc.php, (m) modules/download/detailView.inc.php, (n) modules/article/fullarticle.inc.php, (o) modules/article/comments.inc.php, (p) modules/article2/overview.inc.php, (q) modules/article2/fullarticle.inc.php, (r) modules/article2/comments.inc.php, (s) modules/headline/headlineBox.php, and (t) modules/headline/showHeadline.inc.php.

Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash (/) character in the (1) lang_path parameter to (a) cms/plugins/col_man/column.inc.php, (b) cms/plugins/poll/poll.inc.php, (c) cms/plugins/user_managment/usrPortrait.inc.php, (d) cms/plugins/user_managment/user.inc.php, (e) cms/plugins/media_manager/media.inc.php, (f) cms/plugins/events/permanent.eventMonth.inc.php, (g) cms/plugins/events/events.inc.php, and (h) cms/plugins/newsletter2/newsletter.inc.php; (2) path[cb] parameter to (i) modules/guestbook/guestbook.inc.php, (j) modules/shoutbox/shoutBox.php, and (k) modules/sitemap/sitemap.inc.php; and the (3) rel parameter to (l) modules/download/overview.inc.php, (m) modules/download/detailView.inc.php, (n) modules/article/fullarticle.inc.php, (o) modules/article/comments.inc.php, (p) modules/article2/overview.inc.php, (q) modules/article2/fullarticle.inc.php, (r) modules/article2/comments.inc.php, (s) modules/headline/headlineBox.php, and (t) modules/headline/showHeadline.inc.php.

CVE Translated by NIST 10/20/2016 12:45:00 AM

Action

Type

Old Value

New Value

Added

Translation

Múltiples vulnerabilidades de inclusión remota de archivo PHP en Content*Builder 0.7.5 permiten a atacantes remotos ejecutar código PHP arbitrario a través de una URL con un carácter de barra oblicua al final (/) en el (1) parámetro lang_path para (a) cms/plugins/col_man/column.inc.php, (b) cms/plugins/poll/poll.inc.php, (c) cms/plugins/user_managment/usrPortrait.inc.php, (d) cms/plugins/user_managment/user.inc.php, (e) cms/plugins/media_manager/media.inc.php, (f) cms/plugins/events/permanent.eventMonth.inc.php, (g) cms/plugins/events/events.inc.php, y (h) cms/plugins/newsletter2/newsletter.inc.php; (2) parámetro path[cb] para (i) modules/guestbook/guestbook.inc.php, (j) modules/shoutbox/shoutBox.php y (k) modules/sitemap/sitemap.inc.php; y (3) el parámetro rel para (l) modules/download/overview.inc.php, (m) modules/download/detailView.inc.php, (n) modules/article/fullarticle.inc.php, (o) modules/article/comments.inc.php, (p) modules/article2/overview.inc.php, (q) modules/article2/fullarticle.inc.php, (r) modules/article2/comments.inc.php, (s) modules/headline/headlineBox.php y (t) modules/headline/showHeadline.inc.php.

Removed

Translation

Múltiples vulnerabilidades de inclusión remota de archivo PHP en Content*Builder v0.7.5 permite a atacantes remotos ejecutar código PHP de su elección a través de una URL acabada en el carácter barra (/) en lso parámetros (1) lang_path en (a) cms/plugins/col_man/column.inc.php, (b) cms/plugins/poll/poll.inc.php, (c) cms/plugins/user_managment/usrPortrait.inc.php, (d) cms/plugins/user_managment/user.inc.php, (e) cms/plugins/media_manager/media.inc.php, (f) cms/plugins/events/permanent.eventMonth.inc.php, (g) cms/plugins/events/events.inc.php, y (h) cms/plugins/newsletter2/newsletter.inc.php; (2) path[cb] en(i) modules/guestbook/guestbook.inc.php, (j) modules/shoutbox/shoutBox.php, and (k) modules/sitemap/sitemap.inc.php; y (3) rel en (l) modules/download/overview.inc.php, (m) modules/download/detailView.inc.php, (n) modules/article/fullarticle.inc.php, (o) modules/article/comments.inc.php, (p) modules/article2/overview.inc.php, (q) modules/article2/fullarticle.inc.php, (r) modules/article2/comments.inc.php, (s) modules/headline/headlineBox.php, y (t) modules/headline/showHeadline.inc.php.

Quick Info

CVE Dictionary Entry:
CVE-2006-3172
NVD Published Date:
06/22/2006
NVD Last Modified:
04/02/2025
Source:
MITRE

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2006-3172 Detail

Current Description

Analysis Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/20/2024 7:12:59 PM

CVE Modified by MITRE 5/13/2024 9:37:38 PM

CVE Modified by MITRE 7/19/2017 9:32:06 PM

CVE Modified by MITRE 12/06/2016 9:59:14 PM

CVE Translated by NIST 10/20/2016 12:45:00 AM

CVE Modified by MITRE 10/17/2016 11:40:14 PM

Initial CVE Analysis 6/23/2006 7:14:00 PM

Quick Info