Vulnerability Description
Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cj Design | Cj Tag Board | 3.0 |
References
- http://secunia.com/advisories/21561Vendor Advisory
- http://secunia.com/secunia_research/2006-61/advisory/Vendor Advisory
- http://www.securityfocus.com/bid/19748
- http://www.vupen.com/english/advisories/2006/3406
- http://secunia.com/advisories/21561Vendor Advisory
- http://secunia.com/secunia_research/2006-61/advisory/Vendor Advisory
- http://www.securityfocus.com/bid/19748
- http://www.vupen.com/english/advisories/2006/3406
FAQ
What is CVE-2006-4451?
CVE-2006-4451 is a vulnerability with a CVSS score of 7.5 (HIGH). Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2...
How severe is CVE-2006-4451?
CVE-2006-4451 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4451?
Check the references section above for vendor advisories and patch information. Affected products include: Cj Design Cj Tag Board.