製品・ソフトウェアに関する情報

JVN脆弱性詳細

Comdev CSV Importer の include.php における PHP リモートファイルインクルージョンの脆弱性

Title	Comdev CSV Importer の include.php における PHP リモートファイルインクルージョンの脆弱性
Summary	以下の製品で使用される Comdev CSV Importer の include.php は、PHP リモートファイルインクルージョンの脆弱性が存在します。 (1) Comdev Contact Form (2) Comdev Customer Helpdesk (3) Comdev Events Calendar (4) Comdev FAQ Support (5) Comdev Guestbook (6) Comdev Links Directory (7) Comdev News Publisher (8) Comdev Newsletter (9) Comdev Photo Gallery (10) Comdev Vote Caster (11) Comdev Web Blogger (12) Comdev eCommerce
Possible impacts	第三者により、path[docroot] パラメータの URL を介して、任意の PHP コードが実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 3, 2006, midnight
Registration Date	June 26, 2012, 3:37 p.m.
Last Update	June 26, 2012, 3:37 p.m.

CVSS2.0 : 危険
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected System

comdev

comdev csv importer 3.1 および 4.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-5101	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5101
National Vulnerability Database (NVD)
2	CVE-2006-5101	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5101

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-94	https://jvndb.jvn.jp/ja/cwe/CWE-94.html

ベンダー情報

No	Name	URL
comdev
1	Top Page	http://www.comdevweb.com/index.php

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-5101

Summary	PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.
Publication Date	Oct. 3, 2006, 1:03 p.m.
Registration Date	Jan. 29, 2021, 3:46 p.m.
Last Update	Oct. 18, 2018, 6:41 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:comdev:comdev_csv_importer:3.1:::::::*
cpe:2.3:a:comdev:comdev_csv_importer:4.1:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/22133	SECUNIA	Vendor Advisory
2	http://secunia.com/advisories/22134	SECUNIA	Vendor Advisory
3	http://secunia.com/advisories/22135	SECUNIA	Vendor Advisory
4	http://secunia.com/advisories/22147	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/22149	SECUNIA	Vendor Advisory
6	http://secunia.com/advisories/22151	SECUNIA	Vendor Advisory
7	http://secunia.com/advisories/22153	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/22154	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/22157	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/22168	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/22169	SECUNIA	Vendor Advisory
12	http://secunia.com/advisories/22170	SECUNIA	Vendor Advisory
13	http://securityreason.com/securityalert/1658	SREASON
14	http://www.osvdb.org/29299	OSVDB
15	http://www.osvdb.org/29300	OSVDB
16	http://www.osvdb.org/29301	OSVDB
17	http://www.osvdb.org/29302	OSVDB
18	http://www.osvdb.org/29303	OSVDB
19	http://www.osvdb.org/29304	OSVDB
20	http://www.osvdb.org/29305	OSVDB
21	http://www.osvdb.org/29306	OSVDB
22	http://www.osvdb.org/29307	OSVDB
23	http://www.osvdb.org/29308	OSVDB
24	http://www.osvdb.org/29309	OSVDB
25	http://www.osvdb.org/29310	OSVDB
26	http://www.osvdb.org/29311	OSVDB
27	http://www.securityfocus.com/archive/1/447184/100/0/threaded	BUGTRAQ
28	http://www.securityfocus.com/archive/1/447185/100/0/threaded	BUGTRAQ
29	http://www.securityfocus.com/archive/1/447186/100/0/threaded	BUGTRAQ
30	http://www.securityfocus.com/archive/1/447187/100/0/threaded	BUGTRAQ
31	http://www.securityfocus.com/archive/1/447188/100/0/threaded	BUGTRAQ
32	http://www.securityfocus.com/archive/1/447190/100/0/threaded	BUGTRAQ
33	http://www.securityfocus.com/archive/1/447192/100/0/threaded	BUGTRAQ
34	http://www.securityfocus.com/archive/1/447193/100/0/threaded	BUGTRAQ
35	http://www.securityfocus.com/archive/1/447194/100/0/threaded	BUGTRAQ
36	http://www.securityfocus.com/archive/1/447201/100/0/threaded	BUGTRAQ
37	http://www.securityfocus.com/archive/1/447207/100/0/threaded	BUGTRAQ
38	http://www.securityfocus.com/archive/1/447209/100/0/threaded	BUGTRAQ
39	http://www.securityfocus.com/archive/1/447213/100/0/threaded	BUGTRAQ
40	http://www.vupen.com/english/advisories/2006/3803	VUPEN
41	http://www.vupen.com/english/advisories/2006/3804	VUPEN	Vendor Advisory
42	http://www.vupen.com/english/advisories/2006/3805	VUPEN
43	http://www.vupen.com/english/advisories/2006/3806	VUPEN
44	http://www.vupen.com/english/advisories/2006/3807	VUPEN	Vendor Advisory
45	http://www.vupen.com/english/advisories/2006/3808	VUPEN	Vendor Advisory
46	http://www.vupen.com/english/advisories/2006/3809	VUPEN	Vendor Advisory
47	http://www.vupen.com/english/advisories/2006/3810	VUPEN
48	http://www.vupen.com/english/advisories/2006/3811	VUPEN
49	http://www.vupen.com/english/advisories/2006/3812	VUPEN
50	http://www.vupen.com/english/advisories/2006/3813	VUPEN	Vendor Advisory
51	http://www.vupen.com/english/advisories/2006/3814	VUPEN
52	http://www.vupen.com/english/advisories/2006/3815	VUPEN	Vendor Advisory
53	https://exchange.xforce.ibmcloud.com/vulnerabilities/29220	XF

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-94	コード・インジェクション	https://cwe.mitre.org/data/definitions/94.html