Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:
CVE Vulnerabilities
39671
Checklists
129
US-CERT Alerts
187
US-CERT Vuln Notes
2351
OVAL Queries
2517
CPE Names
17905

Last updated: Sun Nov 22 07:28:55 EST 2009

CVE Publication rate: 9.9

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index

Vulnerability Workload Index: 5.4

About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

National Cyber-Alert System

Vulnerability Summary for CVE-2006-5101

Original release date:10/03/2006
Last revised:09/05/2008
Source: US-CERT/NIST

Overview

PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type:Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BUGTRAQ
Name: 20060927 Comdev Events Calendar 3.1 :) <= Remote File Inclusion
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/447213/100/0/threaded
External Source: BUGTRAQ
Name: 20060927 Comdev Newsletter 3.1 :) <= Remote File Inclusion
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/447209/100/0/threaded
External Source: BUGTRAQ
Name: 20060927 Comdev Guestbook 3.1 :) <= Remote File Inclusion
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/447207/100/0/threaded
External Source: BUGTRAQ
Name: 20060927 Comdev FAQ Support 3.1 :) <= Remote File Inclusion
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/447201/100/0/threaded
External Source: BUGTRAQ
Name: 20060927 Comdev eCommerce 3.1 :) <= Remote File Inclusion
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/447194/100/0/threaded
External Source: BUGTRAQ
Name: 20060927 Comdev Web Blogger 3.1 :) <= Remote File Inclusion
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/447193/100/0/threaded
External Source: BUGTRAQ
Name: 20060927 Comdev Contact Form 3.1 :) <= Remote File Inclusion
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/447192/100/0/threaded
External Source: BUGTRAQ
Name: 20060927 Comdev News Publisher 3.1 :) <= Remote File Inclusion
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/447190/100/0/threaded
External Source: BUGTRAQ
Name: 20060927 Comdev Customer Helpdesk 3.1 :) <= Remote File Inclusion
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/447188/100/0/threaded
External Source: BUGTRAQ
Name: 20060927 Comdev Photo Gallery 3.1 :) <= Remote File Inclusion
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/447187/100/0/threaded
External Source: BUGTRAQ
Name: 20060927 Comdev Vote Caster 3.1 :) <= Remote File Inclusion
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/447186/100/0/threaded
External Source: BUGTRAQ
Name: 20060927 Comdev Links Directory 3.1 :) <= Remote File Inclusion
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/447185/100/0/threaded
External Source: BUGTRAQ
Name: 20060927 Comdev CSV Importer 3.1 :) <= Remote File Inclusion
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/447184/100/0/threaded
External Source: OSVDB
Name: 29311
Hyperlink:http://www.osvdb.org/29311
External Source: OSVDB
Name: 29310
Hyperlink:http://www.osvdb.org/29310
External Source: OSVDB
Name: 29309
Hyperlink:http://www.osvdb.org/29309
External Source: OSVDB
Name: 29308
Hyperlink:http://www.osvdb.org/29308
External Source: OSVDB
Name: 29307
Hyperlink:http://www.osvdb.org/29307
External Source: OSVDB
Name: 29306
Hyperlink:http://www.osvdb.org/29306
External Source: OSVDB
Name: 29305
Hyperlink:http://www.osvdb.org/29305
External Source: OSVDB
Name: 29304
Hyperlink:http://www.osvdb.org/29304
External Source: OSVDB
Name: 29303
Hyperlink:http://www.osvdb.org/29303
External Source: OSVDB
Name: 29302
Hyperlink:http://www.osvdb.org/29302
External Source: OSVDB
Name: 29301
Hyperlink:http://www.osvdb.org/29301
External Source: OSVDB
Name: 29300
Hyperlink:http://www.osvdb.org/29300
External Source: OSVDB
Name: 29299
Hyperlink:http://www.osvdb.org/29299
External Source: VUPEN
Name: ADV-2006-3815
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2006/3815
External Source: VUPEN
Name: ADV-2006-3814
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2006/3814
External Source: VUPEN
Name: ADV-2006-3813
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2006/3813
External Source: VUPEN
Name: ADV-2006-3812
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2006/3812
External Source: VUPEN
Name: ADV-2006-3811
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2006/3811
External Source: VUPEN
Name: ADV-2006-3810
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2006/3810
External Source: VUPEN
Name: ADV-2006-3809
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2006/3809
External Source: VUPEN
Name: ADV-2006-3808
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2006/3808
External Source: VUPEN
Name: ADV-2006-3807
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2006/3807
External Source: VUPEN
Name: ADV-2006-3806
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2006/3806
External Source: VUPEN
Name: ADV-2006-3805
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2006/3805
External Source: VUPEN
Name: ADV-2006-3804
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2006/3804
External Source: VUPEN
Name: ADV-2006-3803
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2006/3803
External Source: SECUNIA
Name: 22169
Type: Advisory
Hyperlink:http://secunia.com/advisories/22169
External Source: SECUNIA
Name: 22168
Type: Advisory
Hyperlink:http://secunia.com/advisories/22168
External Source: SECUNIA
Name: 22157
Type: Advisory
Hyperlink:http://secunia.com/advisories/22157
External Source: SECUNIA
Name: 22154
Type: Advisory
Hyperlink:http://secunia.com/advisories/22154
External Source: SECUNIA
Name: 22153
Type: Advisory
Hyperlink:http://secunia.com/advisories/22153
External Source: SECUNIA
Name: 22151
Type: Advisory
Hyperlink:http://secunia.com/advisories/22151
External Source: SECUNIA
Name: 22149
Type: Advisory
Hyperlink:http://secunia.com/advisories/22149
External Source: SECUNIA
Name: 22147
Type: Advisory
Hyperlink:http://secunia.com/advisories/22147
External Source: SECUNIA
Name: 22135
Type: Advisory
Hyperlink:http://secunia.com/advisories/22135
External Source: SECUNIA
Name: 22134
Type: Advisory
Hyperlink:http://secunia.com/advisories/22134
External Source: SECUNIA
Name: 22133
Type: Advisory
Hyperlink:http://secunia.com/advisories/22133
External Source: XF
Name: comdev-include-file-include(29220)
Hyperlink:http://xforce.iss.net/xforce/xfdb/29220
External Source: SREASON
Name: 1658
Hyperlink:http://securityreason.com/securityalert/1658
External Source: SECUNIA
Name: 22170
Hyperlink:http://secunia.com/advisories/22170

Vulnerable software and versions

Nav control imageConfiguration 1
spacerNav control imageOR
spacerspacerNav control image* cpe:/a:comdev:comdev_csv_importer:3.1
spacerspacerNav control image* cpe:/a:comdev:comdev_csv_importer:4.1
* Denotes Vulnerable Software
* Changes related to vulnerability configurations

Technical Details

Vulnerability Type (View All)
CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5101