Lucene search

[email protected]CVE-2006-1963

HistoryApr 21, 2006 - 10:02 a.m.

CVE-2006-1963

2006-04-2110:02:00

[email protected]

web.nvd.nist.gov

cve

directory traversal

pcpin chat

authenticated users

remote code execution

php

nvd

7.1 High

AI Score

Confidence

High

5.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

76.8%

JSON

Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a “…” (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.

Affected configurations

NVD

Node

pcpinpcpin_chatMatch3.1.5

pcpinpcpin_chatMatch3.1.6

pcpinpcpin_chatMatch3.1.7r

pcpinpcpin_chatMatch3.2.0

pcpinpcpin_chatMatch3.2.1

pcpinpcpin_chatMatch3.2.3

pcpinpcpin_chatMatch4.0

pcpinpcpin_chatMatch5.0.1

pcpinpcpin_chatMatch5.0.2

pcpinpcpin_chatMatch5.0.3

pcpinpcpin_chatMatch5.0.4

CPENameOperatorVersion
pcpin:pcpin_chatpcpin pcpin chateq3.1.5
pcpin:pcpin_chatpcpin pcpin chateq3.1.6
pcpin:pcpin_chatpcpin pcpin chateq3.1.7r
pcpin:pcpin_chatpcpin pcpin chateq3.2.0
pcpin:pcpin_chatpcpin pcpin chateq3.2.1
pcpin:pcpin_chatpcpin pcpin chateq3.2.3
pcpin:pcpin_chatpcpin pcpin chateq4.0
pcpin:pcpin_chatpcpin pcpin chateq5.0.1
pcpin:pcpin_chatpcpin pcpin chateq5.0.2
pcpin:pcpin_chatpcpin pcpin chateq5.0.3

CPE	Name	Operator	Version
pcpin:pcpin_chat	pcpin pcpin chat	eq	3.1.5
pcpin:pcpin_chat	pcpin pcpin chat	eq	3.1.6
pcpin:pcpin_chat	pcpin pcpin chat	eq	3.1.7r
pcpin:pcpin_chat	pcpin pcpin chat	eq	3.2.0
pcpin:pcpin_chat	pcpin pcpin chat	eq	3.2.1
pcpin:pcpin_chat	pcpin pcpin chat	eq	3.2.3
pcpin:pcpin_chat	pcpin pcpin chat	eq	4.0
pcpin:pcpin_chat	pcpin pcpin chat	eq	5.0.1
pcpin:pcpin_chat	pcpin pcpin chat	eq	5.0.2
pcpin:pcpin_chat	pcpin pcpin chat	eq	5.0.3

Rows per page:

1-10 of 111

References

retrogod.altervista.org/pcpin_504_xpl.html

secunia.com/advisories/19708

securitytracker.com/id?1015968

www.securityfocus.com/archive/1/431390/100/0/threaded

www.securityfocus.com/archive/1/436029/100/0/threaded

www.securityfocus.com/bid/17632

www.vupen.com/english/advisories/2006/1441

exchange.xforce.ibmcloud.com/vulnerabilities/25962

7.1 High

AI Score

Confidence

High

5.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

76.8%

JSON

Related for CVE-2006-1963

nvd1 prion1 cvelist1