Lucene search
HistoryMay 10, 2006 - 2:14 a.m.
CVE-2006-2278
cve-2006-2278
saphplesson 3.0
security vulnerability
array variables
remote attackers
full path
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.3%
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to © showcat.php; or the (3) rows parameter to index.php.
Affected configurations
Node
arablesssaphplessonMatch3.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| arabless:saphplesson | arabless saphplesson | eq | 3.0 |
Related
prion
prion
Path traversal
2006-05-10 02:14:00
cvelist
cvelist
CVE-2006-2278
2006-05-09 23:00:00
nvd
nvd
CVE-2006-2278
2006-05-10 02:14:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.3%
Related for CVE-2006-2278