Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0244

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0244
Last Modified 07 Mar 2011 09:29:38
Published 17 Jan 2006 08:51:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0244

Summary

** DISPUTED ** Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root.

Vulnerable Systems

Application

  • Phpxplorer 0.9.33


References

VUPEN - ADV-2006-0232

BID - 16263

BUGTRAQ - 20060116 Re: Directory traversal in phpXplorer

BUGTRAQ - 20060116 Directory traversal in phpXplorer

MISC - http://www.arrelnet.com/advisories/adv20060116.html

SECUNIA - 18518

XF - phpxplorer-sshare-directory-traversal(39982)

SREASON - 353


Last Updated: 27 May 2016 10:41:35