Lucene search

[email protected]CVE-2006-4420

HistoryAug 28, 2006 - 9:04 p.m.

CVE-2006-4420

2006-08-2821:04:00

[email protected]

web.nvd.nist.gov

cve

2006

4420

directory traversal

vulnerability

phaos 0.9.2

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via “…” sequences in the lang parameter.

Affected configurations

NVD

Node

phaosphaosMatch0.9

phaosphaosMatch0.9.1

phaosphaosMatch0.9.2

CPENameOperatorVersion
phaos:phaosphaoseq0.9
phaos:phaosphaoseq0.9.1
phaos:phaosphaoseq0.9.2

CPE	Name	Operator	Version
phaos:phaos	phaos	eq	0.9
phaos:phaos	phaos	eq	0.9.1
phaos:phaos	phaos	eq	0.9.2

References

www.securityfocus.com/bid/19710

exchange.xforce.ibmcloud.com/vulnerabilities/28565

www.exploit-db.com/exploits/2253

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

Related for CVE-2006-4420

cvelist1 nvd1