Lucene search

[email protected]CVE-2006-0445

HistoryJan 26, 2006 - 10:03 p.m.

CVE-2006-0445

2006-01-2622:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

vulnerability

phpclanwebsite

path disclosure

authenticated users

nvd

7 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

60.7%

JSON

index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability.

CPENameOperatorVersion
phpclanwebsite:phpclanwebsitephpclanwebsiteeq1.23.1

CPE	Name	Operator	Version
phpclanwebsite:phpclanwebsite	phpclanwebsite	eq	1.23.1

References

www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt

www.osvdb.org/22721

www.securityfocus.com/archive/1/423145/100/0/threaded

www.securityfocus.com/bid/16391

7 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

60.7%

JSON

Related for CVE-2006-0445

prion1