CVE-2006-4636

2006-09-0820:00:00

mitre

www.cve.org

7.3 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.

References

secunia.com/advisories/21753

www.securityfocus.com/bid/19867

www.vupen.com/english/advisories/2006/3472

www.exploit-db.com/exploits/2310