Vulnerability Description
Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tdiary | Tdiary | 2.0.1 |
Related Weaknesses (CWE)
References
- http://jvn.jp/jp/JVN%2331185550/index.html
- http://secunia.com/advisories/23465Vendor Advisory
- http://www.securityfocus.com/bid/21811
- http://www.tdiary.org/20061210.html
- http://www.vupen.com/english/advisories/2006/5201
- http://jvn.jp/jp/JVN%2331185550/index.html
- http://secunia.com/advisories/23465Vendor Advisory
- http://www.securityfocus.com/bid/21811
- http://www.tdiary.org/20061210.html
- http://www.vupen.com/english/advisories/2006/5201
FAQ
What is CVE-2006-6852?
CVE-2006-6852 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validatio...
How severe is CVE-2006-6852?
CVE-2006-6852 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6852?
Check the references section above for vendor advisories and patch information. Affected products include: Tdiary Tdiary.