Vulnerability Description
Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ben3W | 2Bgal | 3.0 |
References
- http://secunia.com/advisories/22530Vendor Advisory
- http://www.securityfocus.com/bid/20701
- http://www.securityfocus.com/bid/20859
- http://www.vupen.com/english/advisories/2006/4168
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29759
- http://secunia.com/advisories/22530Vendor Advisory
- http://www.securityfocus.com/bid/20701
- http://www.securityfocus.com/bid/20859
- http://www.vupen.com/english/advisories/2006/4168
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29759
FAQ
What is CVE-2006-5505?
CVE-2006-5505 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, ...
How severe is CVE-2006-5505?
CVE-2006-5505 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5505?
Check the references section above for vendor advisories and patch information. Affected products include: Ben3W 2Bgal.