Lucene search

K
cve[email protected]CVE-2006-2660
HistoryJun 13, 2006 - 6:02 p.m.

CVE-2006-2660

2006-06-1318:02:00
web.nvd.nist.gov
1051
cve-2006-2660
php
vulnerability
buffer consumption
local user
bypass restrictions
fixed names
nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename.

Affected configurations

NVD
Node
phpphpMatch4.0.0
OR
phpphpMatch4.0.1
OR
phpphpMatch4.0.2
OR
phpphpMatch4.0.3
OR
phpphpMatch4.0.4
OR
phpphpMatch4.0.5
OR
phpphpMatch4.1.0
OR
phpphpMatch4.1.1
OR
phpphpMatch4.1.2
OR
phpphpMatch4.2.0
OR
phpphpMatch4.2.1
OR
phpphpMatch4.2.2
OR
phpphpMatch4.2.3
OR
phpphpMatch4.3.0
OR
phpphpMatch4.3.1
OR
phpphpMatch4.3.2
OR
phpphpMatch4.3.3
OR
phpphpMatch4.3.4
OR
phpphpMatch4.3.5
OR
phpphpMatch4.3.6
OR
phpphpMatch4.3.7
OR
phpphpMatch4.3.8
OR
phpphpMatch4.3.9
OR
phpphpMatch4.3.10
OR
phpphpMatch4.3.11
OR
phpphpMatch4.4.0
OR
phpphpMatch4.4.1
OR
phpphpMatch4.4.2
OR
phpphpMatch4.4.3
OR
phpphpMatch5.1.4

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%