Lucene search

[email protected]CVE-2006-2770

HistoryJun 02, 2006 - 10:18 a.m.

CVE-2006-2770

2006-06-0210:18:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2770

directory traversal

randompic.php

pppblog

security vulnerability

nvd

7.5 High

AI Score

Confidence

Low

5.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:N/A:N

0.008 Low

EPSS

Percentile

81.3%

JSON

Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a … (dot dot) sequence in an index of the “file” array parameter, as demonstrated by file[0].

CPENameOperatorVersion
pppblog:pppblogpppblogle0.3.8

CPE	Name	Operator	Version
pppblog:pppblog	pppblog	le	0.3.8

References

retrogod.altervista.org/pppblog_038_xpl.html

secunia.com/advisories/20375

securityreason.com/securityalert/1015

securitytracker.com/id?1016198

www.securityfocus.com/archive/1/435406/100/0/threaded

www.securityfocus.com/bid/18189

www.vupen.com/english/advisories/2006/2085

exchange.xforce.ibmcloud.com/vulnerabilities/26969

7.5 High

AI Score

Confidence

Low

5.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:N/A:N

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for CVE-2006-2770

prion1