Vulnerability Description
Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Exv2 | Content Management System | <= 2.0.4.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/20161Broken LinkThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29116Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/2415ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/20161Broken LinkThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29116Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/2415ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2006-7079?
CVE-2006-7079 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute ...
How severe is CVE-2006-7079?
CVE-2006-7079 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2006-7079?
Check the references section above for vendor advisories and patch information. Affected products include: Exv2 Content Management System.