Lucene search

[email protected]CVE-2006-4636

HistorySep 08, 2006 - 8:04 p.m.

CVE-2006-4636

2006-09-0820:04:00

[email protected]

web.nvd.nist.gov

cve-2006-4636

szewo phpcommander

directory traversal

remote code execution

nvd

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.

Affected configurations

NVD

Node

szewophpcommanderRange≤3.0

CPENameOperatorVersion
szewo:phpcommanderszewo phpcommanderle3.0

CPE	Name	Operator	Version
szewo:phpcommander	szewo phpcommander	le	3.0

References

secunia.com/advisories/21753

www.securityfocus.com/bid/19867

www.vupen.com/english/advisories/2006/3472

www.exploit-db.com/exploits/2310

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2006-4636

cvelist1 nvd1