Lucene search
HistoryDec 11, 2006 - 5:28 p.m.
CVE-2006-6460
cve-2006-6460
yourfreeworld.com
short url
url tracker
script
remote attackers
sensitive information
invalid id parameter
login.php
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.1 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.5%
Yourfreeworld.com Short Url & Url Tracker Script allows remote attackers to obtain sensitive information via an invalid id parameter to login.php, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2509.
Affected configurations
Node
short_urlshort_url
ORurl_tracker_scripturl_tracker_script
| CPE | Name | Operator | Version |
|---|---|---|---|
| short_url:short_url | short url | eq | * |
| url_tracker_script:url_tracker_script | url tracker script | eq | * |
Related
nvd
nvd
CVE-2006-6460
2006-12-11 17:28:00
CVE-2006-2509
2006-05-22 19:02:00
cvelist
cvelist
CVE-2006-6460
2006-12-11 17:00:00
CVE-2006-2509
2006-05-22 19:00:00
prion
prion
Sql injection
2006-05-22 19:02:00
cve
cve
CVE-2006-2509
2006-05-22 19:02:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.1 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.5%
Related for CVE-2006-6460