CVE-2006-4877 - OpenCVE

Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
David Bennett	Php-post

Configuration 1 [-]

cpe:2.3:a:david_bennett:php-post:*:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/22014
http://securityreason.com/securityalert/1607
http://www.osvdb.org/28965
http://www.osvdb.org/28966
http://www.osvdb.org/28967
http://www.securityfocus.com/archive/1/446318/100/0/threaded
http://www.securityfocus.com/bid/20061
http://www.vupen.com/english/advisories/2006/3688

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-19T21:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-09-19T00:00:00

Link: CVE-2006-4877

JSON object: View

NVD Information

Status : Modified

Published: 2006-09-19T21:07:00.000

Modified: 2018-10-17T21:40:04.810

Link: CVE-2006-4877

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-16T00:00:00", "descriptions": [{"lang": "en", "value": "Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20061", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20061"}, {"name": "ADV-2006-3688", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3688"}, {"name": "28966", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28966"}, {"name": "1607", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1607"}, {"name": "28967", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28967"}, {"name": "22014", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22014"}, {"name": "20060916 PHP-Post Multiple Input Validation Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/446318/100/0/threaded"}, {"name": "28965", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28965"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4877", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20061", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20061"}, {"name": "ADV-2006-3688", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3688"}, {"name": "28966", "refsource": "OSVDB", "url": "http://www.osvdb.org/28966"}, {"name": "1607", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1607"}, {"name": "28967", "refsource": "OSVDB", "url": "http://www.osvdb.org/28967"}, {"name": "22014", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22014"}, {"name": "20060916 PHP-Post Multiple Input Validation Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/446318/100/0/threaded"}, {"name": "28965", "refsource": "OSVDB", "url": "http://www.osvdb.org/28965"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4877", "datePublished": "2006-09-19T21:00:00", "dateReserved": "2006-09-19T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:david_bennett:php-post:*:*:*:*:*:*:*:*", "matchCriteriaId": "70FA6839-10EF-409D-AE8E-31F1DD908165", "versionEndIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php."}, {"lang": "es", "value": "Vulnerabilidad de sobreescritura de variable en David Bennett PHP-Post (PHPp) 1.0 y anteriores permite a atacantes remotos sobreescribir variables de programa de su elecci\u00f3n v\u00eda m\u00faltiples vectores que usan la funci\u00f3n extract, como ha sido demostrado por el par\u00e1metro table_prefix en (1) index.php, (2) profile.php y (3) header.php."}], "id": "CVE-2006-4877", "lastModified": "2018-10-17T21:40:04.810", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-09-19T21:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/22014"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1607"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28965"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28966"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28967"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446318/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20061"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3688"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}