Lucene search

[email protected]CVE-2006-5731

HistoryNov 06, 2006 - 6:07 p.m.

CVE-2006-5731

2006-11-0618:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-5731

lithium cms

directory traversal

vulnerability

remote code execution

nvd

security issue

7.8 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.017 Low

EPSS

Percentile

87.7%

JSON

Directory traversal vulnerability in classes/index.php in Lithium CMS 4.04c and earlier allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the siteconf[curl] parameter, as demonstrated by a POST to news/comment.php containing PHP code, which is stored under db/comments/news/ and included by classes/index.php.

CPENameOperatorVersion
lithium_cms:lithium_cmslithium cmsle4.04c

CPE	Name	Operator	Version
lithium_cms:lithium_cms	lithium cms	le	4.04c

References

secunia.com/advisories/22593

www.securityfocus.com/bid/20871

www.vupen.com/english/advisories/2006/4361

exchange.xforce.ibmcloud.com/vulnerabilities/29966

www.exploit-db.com/exploits/2702

7.8 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.017 Low

EPSS

Percentile

87.7%

JSON