Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0075

4 documents, 4 sources
Severity: 7.5 HIGH
EPSS: 7.8% (top 8.02%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jan 4
Latest update: May 1

Description

Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P | Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: gnu/phpbook 1.3.2 +4

Patches

🔴Vulnerability Details

2
GHSA
GHSA-x7qp-69q5-6r8h: Direct static code injection vulnerability in phpBook 1 (2022-05-01)
CVEList
CVE-2006-0075: Direct static code injection vulnerability in phpBook 1 (2006-01-04)

💥Exploits & PoCs

1
Exploit-DB
PHPBook 1.x - Mail Field PHP Code Injection (2005-12-29)