cbcvebase.
CVE-2006-0479
published 2006-01-31

CVE-2006-0479: pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by…

PriorityP424medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
3.11%
86.1th percentile
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).

Affected

1 ranges
VendorProductVersion rangeFixed in
pmwikipmwiki
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.