Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0434

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0434
Last Modified 03 Jan 2013 12:00:00
Published 26 Jan 2006 06:07:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0434

Summary

Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files, then this issue would not cross privilege boundaries and would not be a vulnerability.

Vulnerable Systems

Application

  • Phpxplorer -


References

BUGTRAQ - 20060118 phpXplorer file inclusion biyosecurity.be

XF - phpxplorer-sshare-directory-traversal(39982)

BID - 16292


Last Updated: 27 May 2016 10:51:49