Lucene search

[email protected]CVE-2006-7110

HistoryMar 05, 2007 - 8:19 p.m.

CVE-2006-7110

2007-03-0520:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

imce

directory traversal

vulnerability

drupal

remote authenticated users

delete

arbitrary files

7.1 High

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.003 Low

EPSS

Percentile

70.7%

JSON

Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via “…” sequences.

CPENameOperatorVersion
drupal:imce_moduledrupal imce modulele1.5

CPE	Name	Operator	Version
drupal:imce_module	drupal imce module	le	1.5

References

drupal.org/node/87101

secunia.com/advisories/22261

www.securityfocus.com/bid/20312

www.vupen.com/english/advisories/2006/3892

exchange.xforce.ibmcloud.com/vulnerabilities/29324

7.1 High

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.003 Low

EPSS

Percentile

70.7%

JSON