Lucene search

K
cve[email protected]CVE-2006-2331
HistoryMay 12, 2006 - 12:02 a.m.

CVE-2006-2331

2006-05-1200:02:00
web.nvd.nist.gov
30
cve-2006-2331
php-fusion
directory traversal
vulnerabilities
remote code execution
security advisory

7.4 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

79.1%

Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a … (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a … (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files.

Affected configurations

NVD
Node
php_fusionphp_fusionMatch6.00.3
OR
php_fusionphp_fusionMatch6.00.105
OR
php_fusionphp_fusionMatch6.00.106
OR
php_fusionphp_fusionMatch6.00.107
OR
php_fusionphp_fusionMatch6.00.109
OR
php_fusionphp_fusionMatch6.00.110
OR
php_fusionphp_fusionMatch6.00.204
OR
php_fusionphp_fusionMatch6.00.206
OR
php_fusionphp_fusionMatch6.00.303
OR
php_fusionphp_fusionMatch6.00.304
OR
php_fusionphp_fusionMatch6.00.306

7.4 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

79.1%

Related for CVE-2006-2331