Lucene search

[email protected]CVE-2006-1677

HistoryApr 11, 2006 - 12:02 a.m.

CVE-2006-1677

2006-04-1100:02:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2006-1677

maxdev mdpro

remote attack

path disclosure

security vulnerability

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.012 Low

EPSS

Percentile

85.1%

JSON

MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php.

CPENameOperatorVersion
maxdev:md-promaxdev md-proeq1.0.72
maxdev:md-promaxdev md-prole1.0.75
maxdev:md-promaxdev md-proeq1.0.73

CPE	Name	Operator	Version
maxdev:md-pro	maxdev md-pro	eq	1.0.72
maxdev:md-pro	maxdev md-pro	le	1.0.75
maxdev:md-pro	maxdev md-pro	eq	1.0.73

References

secunia.com/advisories/19578

www.maxdev.com/Article592.phtml

www.securityfocus.com/archive/1/430370/100/0/threaded

www.securityfocus.com/archive/1/437831/100/100/threaded

www.vupen.com/english/advisories/2006/1282

exchange.xforce.ibmcloud.com/vulnerabilities/25714

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.012 Low

EPSS

Percentile

85.1%

JSON

Related for CVE-2006-1677

prion1