CVE-2006-1087 — MEDIUM (6.5)

Q: How severe is CVE-2006-1087?

CVE-2006-1087 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-1087?

Check the references section above for vendor advisories and patch information. Affected products include: Php-Stats Php-Stats.

Vulnerability Description

Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. NOTE: this vulnerability can be exploited by remote unauthenticated attackers in conjunction with the option[admin_pass] authentication bypass vulnerability.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Php-Stats	Php-Stats	<= 0.1.9.1

References

FAQ

What is CVE-2006-1087?

CVE-2006-1087 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the o...

How severe is CVE-2006-1087?

CVE-2006-1087 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-1087?

Check the references section above for vendor advisories and patch information. Affected products include: Php-Stats Php-Stats.