製品・ソフトウェアに関する情報

JVN脆弱性詳細

iManage CMS の component.php における PHP リモートファイルインクルージョンの脆弱性

Title	iManage CMS の component.php における PHP リモートファイルインクルージョンの脆弱性
Summary	iManage CMS の component.php には、PHP リモートファイルインクルージョンの脆弱性が存在します。
Possible impacts	第三者により、absolute _path パラメータ内の以下の php への URL を介して、任意の PHP コード実行される可能性があります。 (1) articles.php (2) contact.php (3) displaypage.php (4) faq.php (5) mainbody.php (6) news.php (7) registration.php (8) whosOnline.php (9) components/com_calendar.php (10) components/com_forum.php (11) components/minibb/index.php (12) components/minibb/bb_admin.php (13) components/minibb/bb_plugins.php (14) modules/mod_calendar.php (15) modules/mod_browser_prefs.php (16) modules/mod_counter.php (17) modules/mod_online.php (18) modules/mod_stats.php (19) modules/mod_weather.php (20) themes/bizz.php (21) themes/default.php (22) themes/simple.php (23) themes/original.php (24) themes/portal.php (25) themes/purple.php
Solution	参考情報を参照して適切な対策を実施してください。
Publication Date	July 24, 2006, midnight
Registration Date	Dec. 20, 2012, 6:02 p.m.
Last Update	Dec. 20, 2012, 6:02 p.m.

Affected System

imaginex-resource

imanage cms 4.0.12 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-3771	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3771
National Vulnerability Database (NVD)
2	CVE-2006-3771	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3771

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-3771

Summary	Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/bb_plugins.php, (14) modules/mod_calendar.php, (15) modules/mod_browser_prefs.php, (16) modules/mod_counter.php, (17) modules/mod_online.php, (18) modules/mod_stats.php, (19) modules/mod_weather.php, (20) themes/bizz.php, (21) themes/default.php, (22) themes/simple.php, (23) themes/original.php, (24) themes/portal.php, (25) themes/purple.php, and other unspecified files.
Publication Date	July 24, 2006, 9:19 p.m.
Registration Date	Jan. 29, 2021, 3:42 p.m.
Last Update	Oct. 18, 2018, 6:30 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:imaginex-resource:imanage_cms::::::::			4.0.12

Related information, measures and tools

No	URL	refsource	タグ
1	http://advisories.echo.or.id/adv/adv40-matdhule-2006.txt	MISC	Exploit
2	http://securityreason.com/securityalert/1265	SREASON
3	http://securitytracker.com/id?1016551	SECTRACK
4	http://www.osvdb.org/28647	OSVDB
5	http://www.osvdb.org/28648	OSVDB
6	http://www.osvdb.org/28649	OSVDB
7	http://www.osvdb.org/28650	OSVDB
8	http://www.osvdb.org/28651	OSVDB
9	http://www.osvdb.org/28652	OSVDB
10	http://www.osvdb.org/28653	OSVDB
11	http://www.osvdb.org/28654	OSVDB
12	http://www.osvdb.org/28655	OSVDB
13	http://www.osvdb.org/28656	OSVDB
14	http://www.osvdb.org/28657	OSVDB
15	http://www.osvdb.org/28658	OSVDB
16	http://www.osvdb.org/28659	OSVDB
17	http://www.osvdb.org/28660	OSVDB
18	http://www.osvdb.org/28661	OSVDB
19	http://www.osvdb.org/28662	OSVDB
20	http://www.osvdb.org/28663	OSVDB
21	http://www.osvdb.org/28664	OSVDB
22	http://www.osvdb.org/28665	OSVDB
23	http://www.osvdb.org/28666	OSVDB
24	http://www.osvdb.org/28667	OSVDB
25	http://www.osvdb.org/28668	OSVDB
26	http://www.osvdb.org/28669	OSVDB
27	http://www.osvdb.org/28670	OSVDB
28	http://www.osvdb.org/28671	OSVDB
29	http://www.securityfocus.com/archive/1/440642/100/0/threaded	BUGTRAQ
30	http://www.securityfocus.com/bid/19090	BID
31	https://exchange.xforce.ibmcloud.com/vulnerabilities/27875	XF
32	https://www.exploit-db.com/exploits/2046	EXPLOIT-DB

Common Vulnerabilities List