Lucene search

MitreCVE-2006-6735

HistoryDec 26, 2006 - 11:28 p.m.

CVE-2006-6735

2006-12-2623:28:00

CWE-200

mitre

web.nvd.nist.gov

cve-2006-6735

obie website

mini web shop 2.1.c

remote attackers

sensitive information

directory traversal

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

70.0%

JSON

modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this error might be resultant from a more serious issue such as directory traversal.

Affected configurations

Nvd

Node

obie_websitemini_web_shopMatch2.1.c

VendorProductVersionCPE
obie_websitemini_web_shop2.1.ccpe:2.3:a:obie_website:mini_web_shop:2.1.c:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
obie_website	mini_web_shop	2.1.c	cpe:2.3:a:obie_website:mini_web_shop:2.1.c:::::::*

References

securityreason.com/securityalert/2072

www.attrition.org/pipermail/vim/2006-December/001197.html

www.securityfocus.com/archive/1/454864/100/0/threaded

www.securityfocus.com/bid/21677

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

70.0%

JSON

Related for CVE-2006-6735