Lucene search

[email protected]CVE-2006-0244

HistoryJan 18, 2006 - 2:00 a.m.

CVE-2006-0244

2006-01-1802:00:00

[email protected]

web.nvd.nist.gov

cve-2006-0244

directory traversal

phpxplorer

vulnerability

remote attackers

arbitrary files

sshare parameter

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.043 Low

EPSS

Percentile

92.4%

JSON

Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a … (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root

Affected configurations

NVD

Node

phpxplorerphpxplorerMatch0.9.33

CPENameOperatorVersion
phpxplorer:phpxplorerphpxplorereq0.9.33

CPE	Name	Operator	Version
phpxplorer:phpxplorer	phpxplorer	eq	0.9.33

References

secunia.com/advisories/18518

securityreason.com/securityalert/353

www.arrelnet.com/advisories/adv20060116.html

www.securityfocus.com/archive/1/421997/100/0/threaded

www.securityfocus.com/archive/1/422158/100/0/threaded

www.securityfocus.com/bid/16263

www.vupen.com/english/advisories/2006/0232

exchange.xforce.ibmcloud.com/vulnerabilities/39982

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.043 Low

EPSS

Percentile

92.4%

JSON

Related for CVE-2006-0244

nvd2 prion2 cvelist2 cve1