Lucene search

[email protected]CVE-2006-3406

HistoryJul 07, 2006 - 12:05 a.m.

CVE-2006-3406

2006-07-0700:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3406

qtofilemanager

directory traversal

remote attack

arbitrary file modification

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

76.2%

JSON

Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to modify arbitrary files via a … (dot dot) sequence in the edit parameter.

CPENameOperatorVersion
qto:qtofilemanagerqto qtofilemanagereq1.0

CPE	Name	Operator	Version
qto:qtofilemanager	qto qtofilemanager	eq	1.0

References

securityreason.com/securityalert/1199

www.securityfocus.com/archive/1/438960/100/0/threaded

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

76.2%

JSON