What is the severity of CVE-2006-6590?

CVE-2006-6590 is classified as a high-severity vulnerability due to its potential to allow remote code execution.

How do I fix CVE-2006-6590?

To fix CVE-2006-6590, the script_folder parameter should be validated and sanitized to prevent remote file inclusion.

Which version of AR Memberscript is affected by CVE-2006-6590?

CVE-2006-6590 affects all versions of AR Memberscript that are susceptible to the remote file inclusion flaw in usercp_menu.php.

Can CVE-2006-6590 lead to a complete server compromise?

Yes, CVE-2006-6590 can potentially lead to complete server compromise if exploited successfully by an attacker.

What types of attacks can be launched using CVE-2006-6590?

Attacks leveraging CVE-2006-6590 can include the execution of arbitrary PHP code, potentially allowing data theft or system control.

Vulnerability/
CVE-2006-6590

high

7.5

CWE

NVD-CWE-Other

15/12/2006

19/10/2017

CVE-2006-6590

First published: Fri Dec 15 2006(Updated: )

PHP remote file inclusion vulnerability in usercp_menu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the script_folder parameter.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Php Ar Memberscript

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-6590?
CVE-2006-6590 is classified as a high-severity vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2006-6590?
To fix CVE-2006-6590, the script_folder parameter should be validated and sanitized to prevent remote file inclusion.
Which version of AR Memberscript is affected by CVE-2006-6590?
CVE-2006-6590 affects all versions of AR Memberscript that are susceptible to the remote file inclusion flaw in usercp_menu.php.
Can CVE-2006-6590 lead to a complete server compromise?
Yes, CVE-2006-6590 can potentially lead to complete server compromise if exploited successfully by an attacker.
What types of attacks can be launched using CVE-2006-6590?
Attacks leveraging CVE-2006-6590 can include the execution of arbitrary PHP code, potentially allowing data theft or system control.

collector/nvd-historical
vendor/php
product/ar memberscript
canonical/php ar memberscript
collector/nvd-index
agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2006-6590?
CVE-2006-6590 is classified as a high-severity vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2006-6590?
To fix CVE-2006-6590, the script_folder parameter should be validated and sanitized to prevent remote file inclusion.
Which version of AR Memberscript is affected by CVE-2006-6590?
CVE-2006-6590 affects all versions of AR Memberscript that are susceptible to the remote file inclusion flaw in usercp_menu.php.
Can CVE-2006-6590 lead to a complete server compromise?
Yes, CVE-2006-6590 can potentially lead to complete server compromise if exploited successfully by an attacker.
What types of attacks can be launched using CVE-2006-6590?
Attacks leveraging CVE-2006-6590 can include the execution of arbitrary PHP code, potentially allowing data theft or system control.