Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2006-1480
Last Modified 07 Mar 2011 09:33:10
Published 28 Mar 2006 08:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1480

Summary

Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.

Vulnerable Systems

Application

  • Duda Webalbum 2.02


References

VUPEN - ADV-2006-1108

BID - 17228

SECUNIA - 19400

MILW0RM - 1608

XF - webalbum-skin2-parameter-file-include(25443)

OSVDB - 24160


Last Updated: 27 May 2016 10:42:05