Lucene search

[email protected]NVD:CVE-2006-1480

HistoryMar 29, 2006 - 1:06 a.m.

CVE-2006-1480

2006-03-2901:06:00

[email protected]

web.nvd.nist.gov

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.5%

JSON

Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a … (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.

Affected configurations

NVD

Node

dudawebalbumRange≤2.02

References

secunia.com/advisories/19400

www.osvdb.org/24160

www.securityfocus.com/bid/17228

www.vupen.com/english/advisories/2006/1108

exchange.xforce.ibmcloud.com/vulnerabilities/25443

www.exploit-db.com/exploits/1608

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.5%

JSON

Related for NVD:CVE-2006-1480

cve1 cvelist1 prion1 openvas1 nessus1