CVE-2006-1212 - Vulnerability Details - OpenCVE

Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a "page" parameter or variable.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Corenews	Corenews

Configuration 1 [-]

cpe:2.3:a:corenews:corenews:2.0.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://attrition.org/pipermail/vim/2006-March/000602.html
http://securityreason.com/securityalert/754
http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1
http://www.osvdb.org/24080
http://www.securityfocus.com/archive/1/427387/100/0/threaded
http://www.securityfocus.com/bid/17067
https://exchange.xforce.ibmcloud.com/vulnerabilities/25180

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-14T01:00:00

Updated: 2024-08-07T17:03:28.476Z

Reserved: 2006-03-14T00:00:00

Link: CVE-2006-1212

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-03-14T01:06:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-1212

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-09T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a \"page\" parameter or variable."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1"}, {"name": "754", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/754"}, {"name": "corenews-index-command-execution(25180)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25180"}, {"name": "20060309 CoreNews 2.0.1 Remote Command Exucetion", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/427387/100/0/threaded"}, {"name": "17067", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17067"}, {"name": "24080", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24080"}, {"name": "20060313 Oddness - CoreNews 2.0.1 Remote Command Exucetion", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://attrition.org/pipermail/vim/2006-March/000602.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1212", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a \"page\" parameter or variable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1", "refsource": "MISC", "url": "http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1"}, {"name": "754", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/754"}, {"name": "corenews-index-command-execution(25180)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25180"}, {"name": "20060309 CoreNews 2.0.1 Remote Command Exucetion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427387/100/0/threaded"}, {"name": "17067", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17067"}, {"name": "24080", "refsource": "OSVDB", "url": "http://www.osvdb.org/24080"}, {"name": "20060313 Oddness - CoreNews 2.0.1 Remote Command Exucetion", "refsource": "VIM", "url": "http://attrition.org/pipermail/vim/2006-March/000602.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:03:28.476Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1"}, {"name": "754", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/754"}, {"name": "corenews-index-command-execution(25180)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25180"}, {"name": "20060309 CoreNews 2.0.1 Remote Command Exucetion", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/427387/100/0/threaded"}, {"name": "17067", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17067"}, {"name": "24080", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24080"}, {"name": "20060313 Oddness - CoreNews 2.0.1 Remote Command Exucetion", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://attrition.org/pipermail/vim/2006-March/000602.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1212", "datePublished": "2006-03-14T01:00:00", "dateReserved": "2006-03-14T00:00:00", "dateUpdated": "2024-08-07T17:03:28.476Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:corenews:corenews:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "354DCB34-2B75-420C-A713-FE7A4C83C565", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a \"page\" parameter or variable."}], "id": "CVE-2006-1212", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-14T01:06:00.000", "references": [{"source": "cve@mitre.org", "url": "http://attrition.org/pipermail/vim/2006-March/000602.html"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/754"}, {"source": "cve@mitre.org", "url": "http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24080"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/427387/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17067"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://attrition.org/pipermail/vim/2006-March/000602.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/754"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24080"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/427387/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17067"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25180"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}