Lucene search

[email protected]CVE-2006-1478

HistoryMar 29, 2006 - 1:06 a.m.

CVE-2006-1478

2006-03-2901:06:00

[email protected]

web.nvd.nist.gov

cve

2006

1478

directory traversal

turnkey web tools

php

live helper

vulnerability

remote authenticated

local files

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php.

Affected configurations

NVD

Node

turnkey_web_toolsphp_live_helperMatch1.8

CPENameOperatorVersion
turnkey_web_tools:php_live_helperturnkey web tools php live helpereq1.8

CPE	Name	Operator	Version
turnkey_web_tools:php_live_helper	turnkey web tools php live helper	eq	1.8

References

secunia.com/advisories/19428

securityreason.com/securityalert/641

www.securityfocus.com/archive/1/428976/100/0/threaded

www.turnkeywebtools.com/forum/showthread.php?p=10415

www.worlddefacers.de/Public/WD-TMPLH.txt

exchange.xforce.ibmcloud.com/vulnerabilities/25489

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for CVE-2006-1478

prion1 cvelist1 nvd1