PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_modules_dir parameter. NOTE: CVE disputes this vulnerability, because the inclusion occurs in a function that is not called during a direct request to library.inc.php

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
J-pierre Dezelus
  • Les Visiteurs
Phpmyconferences
  • Phpmyconferences

Configuration 1 [-]

OR cpe:2.3:a:j-pierre_dezelus:les_visiteurs:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:phpmyconferences:phpmyconferences:8.0.2:*:*:*:*:*:*:*

No data.

References
Link Providers
http://securityreason.com/securityalert/1810 cve-icon cve-icon
http://www.attrition.org/pipermail/vim/2006-November/001105.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/450140/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/450467/100/0/threaded cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/29919 cve-icon cve-icon
History

Fri, 17 Jan 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-01-17T14:07:08.360Z

Reserved: 2006-11-02T00:00:00

Link: CVE-2006-5678

cve-icon Vulnrichment

Updated: 2024-08-07T19:55:54.228Z

cve-icon NVD

Status : Modified

Published: 2006-11-03T11:07:00.000

Modified: 2025-01-17T14:15:30.123

Link: CVE-2006-5678

cve-icon Redhat

No data.