Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2280

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2280
Last Modified 07 Mar 2011 09:35:52
Published 09 May 2006 10:14:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2280

Summary

Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the template parameter.

Vulnerable Systems

Application

  • Openengine 1.7.1

  • Openengine 1.8 Beta2


References

VUPEN - ADV-2006-1728

BID - 17871

BUGTRAQ - 20060507 OpenEngine (PHP CMS)

XF - openengine-website-file-include(26345)

OSVDB - 25359

SECUNIA - 20047


Last Updated: 27 May 2016 10:42:24