Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2006-6254
HistoryDec 04, 2006 - 11:28 a.m.

CVE-2006-6254

2006-12-0411:28:00
mitre
web.nvd.nist.gov
23
cahier de texte 2.0
administration
telecharger.php
cve-2006-6254
directory traversal
information security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0.025

Percentile

90.2%

JSON

administration/telecharger.php in Cahier de texte 2.0 allows remote attackers to obtain unparsed content (source code) of files via the chemin parameter, as demonstrated using directory traversal sequences to obtain the MySQL username and password from conn_cahier_de_texte.php. NOTE: it is not clear whether the scope of this issue extends above the web document root, and whether directory traversal is the primary vulnerability.

Affected configurations

Nvd
Node
cahier_de_textescahier_de_textesRange2.2
OR
cahier_de_textescahier_de_textesMatch2.0
VendorProductVersionCPE
cahier_de_textescahier_de_textes*cpe:2.3:a:cahier_de_textes:cahier_de_textes:*:*:*:*:*:*:*:*
cahier_de_textescahier_de_textes2.0cpe:2.3:a:cahier_de_textes:cahier_de_textes:2.0:*:*:*:*:*:*:*

Related

exploitdb 1
cvelist 1
nvd 1
exploitdb
exploitdb
Cahier de texte 2.0 - Database Backup / Source Disclosure
2006-11-24 00:00:00
cvelist
cvelist
CVE-2006-6254
2006-12-04 11:00:00
nvd
nvd
CVE-2006-6254
2006-12-04 11:28:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0.025

Percentile

90.2%

JSON
Related for CVE-2006-6254
exploitdb1cvelist1nvd1