Lucene search

[email protected]CVE-2006-1162

HistoryMar 12, 2006 - 9:02 p.m.

CVE-2006-1162

2006-03-1221:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

directory traversal

nodez

remote attacks

php files

7.6 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.3%

JSON

Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a … (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter.

CPENameOperatorVersion
nodez:nodeznodezeq4.6.1.1

CPE	Name	Operator	Version
nodez:nodez	nodez	eq	4.6.1.1

References

hamid.ir/security/nodez.txt

secunia.com/advisories/19165

securitytracker.com/id?1015747

www.osvdb.org/23774

www.securityfocus.com/bid/17066

www.vupen.com/english/advisories/2006/0899

exchange.xforce.ibmcloud.com/vulnerabilities/25119

7.6 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.3%

JSON

Related for CVE-2006-1162

prion1