NVD Vulnerability Detail

CVE-2006-5020

Summary	Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php.
Publication Date	Sept. 28, 2006, 8:07 a.m.
Registration Date	Jan. 29, 2021, 3:46 p.m.
Last Update	Oct. 19, 2017, 10:29 a.m.

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:solidstate:solidstate::::::::			0.4

Related information, measures and tools

No	URL	refsource
1	http://attrition.org/pipermail/vim/2007-January/001210.html	VIM
2	http://www.osvdb.org/31097	OSVDB
3	http://www.osvdb.org/31098	OSVDB
4	http://www.osvdb.org/31099	OSVDB
5	http://www.osvdb.org/31100	OSVDB
6	http://www.osvdb.org/31104	OSVDB
7	http://www.osvdb.org/31105	OSVDB
8	http://www.osvdb.org/31106	OSVDB
9	http://www.osvdb.org/31107	OSVDB
10	http://www.osvdb.org/31108	OSVDB
11	http://www.osvdb.org/31109	OSVDB
12	http://www.osvdb.org/31110	OSVDB
13	http://www.osvdb.org/31111	OSVDB
14	http://www.osvdb.org/31112	OSVDB
15	http://www.osvdb.org/31113	OSVDB
16	http://www.osvdb.org/31114	OSVDB
17	http://www.osvdb.org/31115	OSVDB
18	http://www.osvdb.org/31116	OSVDB
19	http://www.osvdb.org/31117	OSVDB
20	http://www.osvdb.org/31118	OSVDB
21	http://www.osvdb.org/31119	OSVDB
22	http://www.osvdb.org/31120	OSVDB
23	http://www.osvdb.org/31121	OSVDB
24	http://www.osvdb.org/31122	OSVDB
25	http://www.osvdb.org/31123	OSVDB
26	http://www.osvdb.org/31124	OSVDB
27	http://www.osvdb.org/31125	OSVDB
28	http://www.osvdb.org/31126	OSVDB
29	http://www.osvdb.org/31127	OSVDB
30	http://www.osvdb.org/31128	OSVDB
31	http://www.osvdb.org/31129	OSVDB
32	http://www.osvdb.org/31130	OSVDB
33	http://www.osvdb.org/31131	OSVDB
34	http://www.osvdb.org/31132	OSVDB
35	http://www.osvdb.org/31133	OSVDB
36	http://www.osvdb.org/31134	OSVDB
37	http://www.osvdb.org/31135	OSVDB
38	http://www.osvdb.org/31136	OSVDB
39	http://www.osvdb.org/31137	OSVDB
40	http://www.osvdb.org/31138	OSVDB
41	http://www.osvdb.org/31139	OSVDB
42	http://www.osvdb.org/31141	OSVDB
43	http://www.osvdb.org/31142	OSVDB
44	http://www.osvdb.org/31143	OSVDB
45	http://www.osvdb.org/31144	OSVDB
46	http://www.osvdb.org/31145	OSVDB
47	http://www.osvdb.org/31146	OSVDB
48	http://www.osvdb.org/31147	OSVDB
49	http://www.osvdb.org/31190	OSVDB
50	http://www.osvdb.org/31191	OSVDB
51	http://www.osvdb.org/31192	OSVDB
52	http://www.osvdb.org/31193	OSVDB
53	http://www.osvdb.org/31194	OSVDB
54	http://www.osvdb.org/31197	OSVDB
55	http://www.osvdb.org/31198	OSVDB
56	http://www.osvdb.org/31199	OSVDB
57	http://www.osvdb.org/31200	OSVDB
58	http://www.osvdb.org/31201	OSVDB
59	http://www.osvdb.org/31202	OSVDB
60	http://www.osvdb.org/31203	OSVDB
61	http://www.securityfocus.com/bid/21934	BID
62	http://www.solid-state.org/index.php?name=PNphpBB2&file=portal&article=1	CONFIRM
63	https://exchange.xforce.ibmcloud.com/vulnerabilities/29095	XF
64	https://www.exploit-db.com/exploits/2413	EXPLOIT-DB

Common Vulnerabilities List

JVN Vulnerability Information

SolidState における PHP リモートファイルインクルージョンの脆弱性

Title	SolidState における PHP リモートファイルインクルージョンの脆弱性
Summary	SolidState には、PHP リモートファイルインクルージョンの脆弱性が存在します。
Possible impacts	第三者により、以下を含む manager/pages/ 配下のスクリプトの base_path パラメータ内の URL を介して、任意の PHP コードを実行される可能性があります。 (1) AccountsPage.class.php (2) AddInvoicePage.class.php (3) AddIPAddressPage.class.php (4) AddPaymentPage.class.php (5) AddTaxRulePage.class.php (6) AssignDomainPage.class.php (7) AssignHostingPage.class.php (8) AssignProductPage.class.php (9) BillingPage.class.php (10) BillingPaymentPage.class.php (11) BrowseAccountsPage.class.php (12) BrowseInvoicesPage.class.php (13) ConfigureEditUserPage.class.php (14) ConfigureNewUserPage.class.php (15) ConfigureNewUserReceiptPage.class.php (16) ConfigureUsersPage.class.php (17) DeleteAccountPage.class.php (18) DeleteDomainServicePage.class.php (19) DeleteHostingServicePage.class.php (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php (22) DeleteServerPage.class.php (23) DomainServicesPage.class.php (24) DomainsPage.class.php (25) EditAccountPage.class.php (26) EditDomainPage.class.php (27) EditDomainServicePage.class.php (28) EditHostingServicePage.class.php (29) EditPaymentPage.class.php (30) EditProductPage.class.php (31) EditServerPage.class.php (32) EmailInvoicePage.class.php (33) ExecuteOrderPage.class.php (34) ExpiredDomainsPage.class.php (35) FulfilledOrdersPage.class.php (36) GenerateInvoicesPage.class.php (37) HomePage.class.php (38) InactiveAccountsPage.class.php (39) IPManagerPage.class.php (40) LoginPage.class.php (41) LogPage.class.php (42) ModulesPage.class.php (43) NewAccountPage.class.php (44) NewDomainServicePage.class.php (45) NewProductPage.class.php (46) OutstandingInvoicesPage.class.php (47) PendingAccountsPage.class.php (48) PendingOrdersPage.class.php (49) PrintInvoicePage.class.php (50) ProductsPage.class.php (51) RegisterDomainPage.class.php (52) RegisteredDomainsPage.class.php (53) ServersPage.class.php (54) ServicesHostingServicesPage.class.php (55) ServicesNewHostingPage.class.php (56) ServicesPage.class.php (57) ServicesWebHostingPage.class.php (58) SettingsPage.class.php (59) TaxesPage.class.php (60) TransferDomainPage.class.php (61) ViewAccountPage.class.php (62) ViewDomainServicePage.class.php (63) ViewHostingServicePage.class.php (64) ViewInvoicePage.class.php (65) ViewLogMessagePage.class.php (66) ViewOrderPage.class.php (67) ViewProductPage.class.php (68) ViewServerPage.class.php (69) WelcomeEmailPage.class.php (70) modules/RegistrarModule.class.php (71) modules/SolidStateModule.class.php (72) modules/authorizeaim/authorizeaim.class.php (73) modules/authorizeaim/pages/AAIMConfigPage.class.php
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 27, 2006, midnight
Registration Date	Dec. 20, 2012, 6:02 p.m.
Last Update	Dec. 20, 2012, 6:02 p.m.

Affected System

solidstate

solidstate 0.4 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-5020	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5020
National Vulnerability Database (NVD)
2	CVE-2006-5020	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5020

ベンダー情報

No	Name	URL
solidstate
1	SolidState 0.4.1	http://webscripts.softpedia.com/script/E-Commerce/Billing-Systems/SolidState-34713.html

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.