Lucene search

[email protected]CVE-2006-4721

HistorySep 12, 2006 - 4:07 p.m.

CVE-2006-4721

2006-09-1216:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

4721

directory traversal

vulnerability

admin.php

ccleague pro sports cms

rc1

remote attackers

arbitrary local files

php code

log file

8.1 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.9%

JSON

Directory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a … (dot dot) sequence and trailing null (%00) byte in the language Cookie parameter, as demonstrated by executing PHP code via a log file.

CPENameOperatorVersion
ccleague:pro_sports_cmsccleague pro sports cmseq1.0.1_rc1

CPE	Name	Operator	Version
ccleague:pro_sports_cms	ccleague pro sports cms	eq	1.0.1_rc1

References

secunia.com/advisories/21843

sn4k3.persiangig.com/Expl0it/CCleaguePro_V1.0.1RC1%20Directory%20Traversal%20Vulnerability.txt

unkn0wn.awardspace.com/Blog/?p=46

www.securityfocus.com/archive/1/463191/100/0/threaded

www.securityfocus.com/archive/1/463217/100/0/threaded

www.vupen.com/english/advisories/2006/3549

www.exploit-db.com/exploits/2333

8.1 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.9%

JSON