CVE-2005-3558 - Vulnerability Details - OpenCVE

PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oste	Oste

Configuration 1 [-]

cpe:2.3:a:oste:oste:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/20578
http://secunia.com/advisories/17493
http://securitytracker.com/id?1015163
http://www.securityfocus.com/archive/1/415963/30/0/threaded
http://www.securityfocus.com/bid/15340
http://www.vupen.com/english/advisories/2005/2347
https://exchange.xforce.ibmcloud.com/vulnerabilities/23023

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-11-16T07:37:00

Updated: 2024-08-07T23:17:23.383Z

Reserved: 2005-11-16T00:00:00

Link: CVE-2005-3558

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-11-16T07:42:00.000

Modified: 2024-11-21T00:02:10.820

Link: CVE-2005-3558

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-11-07T00:00:00", "descriptions": [{"lang": "en", "value": "PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "17493", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17493"}, {"name": "15340", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15340"}, {"name": "20051107 OSTE v1.0 Remote Command Exucetion", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/415963/30/0/threaded"}, {"name": "ADV-2005-2347", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2347"}, {"name": "oste-index-file-include(23023)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23023"}, {"name": "20578", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/20578"}, {"name": "1015163", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015163"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3558", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17493", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17493"}, {"name": "15340", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15340"}, {"name": "20051107 OSTE v1.0 Remote Command Exucetion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/415963/30/0/threaded"}, {"name": "ADV-2005-2347", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2347"}, {"name": "oste-index-file-include(23023)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23023"}, {"name": "20578", "refsource": "OSVDB", "url": "http://osvdb.org/20578"}, {"name": "1015163", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015163"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:17:23.383Z"}, "title": "CVE Program Container", "references": [{"name": "17493", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17493"}, {"name": "15340", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/15340"}, {"name": "20051107 OSTE v1.0 Remote Command Exucetion", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/415963/30/0/threaded"}, {"name": "ADV-2005-2347", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2005/2347"}, {"name": "oste-index-file-include(23023)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23023"}, {"name": "20578", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/20578"}, {"name": "1015163", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015163"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3558", "datePublished": "2005-11-16T07:37:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2024-08-07T23:17:23.383Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oste:oste:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C284137-4116-42C9-A97B-8203F75E66B7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters."}], "id": "CVE-2005-3558", "lastModified": "2024-11-21T00:02:10.820", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-11-16T07:42:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/20578"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17493"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015163"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/415963/30/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/15340"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2347"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/20578"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17493"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015163"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/415963/30/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/15340"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2347"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23023"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}