Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2006-2685

Published: 31/05/2006 Updated: 19/10/2017
CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9
VMScore: 415
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Subscribe to Kevin Johnson

Vulnerability Summary

PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and previous versions, with register_globals enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php.

Vulnerable Product Search on Vulmon Subscribe to Product

kevin johnson basic analysis and security engine 1.2.2

kevin johnson basic analysis and security engine 1.2.4

kevin johnson basic analysis and security engine 1.2.0

kevin johnson basic analysis and security engine 1.2.1

Exploits

Exploit DB: BASE - 'base_qry_common' Remote File Inclusion (Metasploit)
## # $Id: base_qry_commonrb 11127 2010-11-24 19:35:38Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class ...
Exploit DB: BASE 1.2.4 - 'base_qry_common.php' Remote File Inclusion (Metasploit)
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/projects/Framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote include Msf::Expl ...
Exploit DB: BASE 1.2.4 - melissa Snort Frontend Remote File Inclusion
# Basic Analysis and Security Engine (BASE) <= 124 (melissa) Inclusion Vulnerabilities # Just glanced over BASE for a pentesting job /str0ke ! milw0rmcom ################################## [code (base_qry_commonphp)] include_once("$BASE_path/includes/base_signatureincphp"); [/code] [site]/snort/base_qry_commonphp?BASE_path= ...

References

CWE-94http://secunia.com/advisories/20300http://www.osvdb.org/25770http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370576http://sourceforge.net/forum/forum.php?forum_id=577228http://www.securityfocus.com/bid/18298http://www.vupen.com/english/advisories/2006/1996https://exchange.xforce.ibmcloud.com/vulnerabilities/26652https://www.exploit-db.com/exploits/1823https://nvd.nist.govhttps://www.exploit-db.com/exploits/16897/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook