Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0132

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0132
Last Modified 07 Mar 2011 09:29:22
Published 09 Jan 2006 06:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0132

Summary

Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. (dot dot) and a trailing null in the webftp_language parameter.

Vulnerable Systems

Application

  • Webftp 1.2.6


References

SECUNIA - 18355

VUPEN - ADV-2006-0090

BID - 16175

BUGTRAQ - 20060104 SysCP WebFTP local file inclusion vulnerability

XF - webftp-language-file-include(24018)


Last Updated: 27 May 2016 10:41:32