Vulnerabilities > CVE-2006-0636 - Remote Command Execution vulnerability in EyeOS Session

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

eyeos-project

NVD

Published: 2006-02-10

Updated: 2018-10-19

Summary

desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable.

Vulnerable Configurations

Part	Description	Count
OS	Eyeos_Project Eyeos Project Eyeos 0.8 Eyeos Project Eyeos 0.8.1 Eyeos Project Eyeos 0.8.1_R1 Eyeos Project Eyeos 0.8.2 Eyeos Project Eyeos 0.8.2_R1 Eyeos Project Eyeos 0.8.2_R2 Eyeos Project Eyeos 0.8.2_R3 Eyeos Project Eyeos 0.8.3 Eyeos Project Eyeos 0.8.3_R1 Eyeos Project Eyeos 0.8.3_R2 Eyeos Project Eyeos 0.8.4 Eyeos Project Eyeos 0.8.4_R1 Eyeos Project Eyeos 0.8.5 Eyeos Project Eyeos 0.8.5_R1 Eyeos Project Eyeos 0.8.6 Eyeos Project Eyeos 0.8.7 Eyeos Project Eyeos 0.8.8 Eyeos Project Eyeos 0.8.9	18

Summary

Vulnerable Configurations

References