Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4
CVE Id CVE-2006-0625
Last Modified 07 Mar 2011 09:30:28
Published 09 Feb 2006 01:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0625

Summary

Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.

Vulnerable Systems

Application

  • Spip 1.8.2d

  • Spip 1.8.2e

  • Spip 1.8.2g


References

VUPEN - ADV-2006-0483

BID - 16556

MISC - http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html

XF - spip-rss-file-include(24600)

OSVDB - 23086

SECTRACK - 1015602

SECUNIA - 18676


Last Updated: 27 May 2016 10:41:44