Lucene search

[email protected]CVE-2006-6744

HistoryDec 26, 2006 - 11:28 p.m.

CVE-2006-6744

2006-12-2623:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-6744

phpprofiles

directory traversal

vulnerability

nvd

7.5 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

24.2%

JSON

phpProfiles before 2.1.1 does not have an index.php or other index file in the (1) image_data, (2) graphics/comm, or (3) users read/write directories, which might allow remote attackers to list directory contents or have other unknown impacts.

CPENameOperatorVersion
phpprofiles:phpprofilesphpprofileseq2.1.0

CPE	Name	Operator	Version
phpprofiles:phpprofiles	phpprofiles	eq	2.1.0

References

sourceforge.net/project/shownotes.php?release_id=460858&group_id=176310

7.5 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

24.2%

JSON