CVE-2006-6852

NameCVE-2006-6852
DescriptionEval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs403345, 404940

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tdiary (PTS)stretch5.0.2-1fixed
buster5.0.11-1fixed
bullseye5.1.5-1fixed
bookworm5.2.3-2fixed
sid, trixie5.3.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tdiarysource(unstable)2.0.2+20060303-5medium403345, 404940
Search for package or bug name: Reporting problems