Lucene search

[email protected]CVE-2006-6248

HistoryDec 04, 2006 - 11:28 a.m.

CVE-2006-6248

2006-12-0411:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-6248

gphotos 1.5

index.php

sensitive information disclosure

remote attack

6.9 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.006 Low

EPSS

Percentile

79.1%

JSON

index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message.

CPENameOperatorVersion
gphotos:gphotosgphotoseq1.5

CPE	Name	Operator	Version
gphotos:gphotos	gphotos	eq	1.5

References

securityreason.com/securityalert/1951

www.securityfocus.com/archive/1/452025/100/200/threaded

www.securityfocus.com/archive/1/452099/100/200/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/30390

6.9 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.006 Low

EPSS

Percentile

79.1%

JSON