Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2519

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-2519
Last Modified 07 Mar 2011 09:36:23
Published 22 May 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2519

Summary

Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition.

Vulnerable Systems

Application

  • Phpwcms 1.2.5 Dev


References

XF - phpwcms-spawcontrolclass-file-include(26639)

VUPEN - ADV-2006-1934

BID - 18062

BUGTRAQ - 20060521 [KAPDA::#43] - phpwcms multiple vulnerabilities

MISC - http://www.kapda.ir/advisory-331.html

SECUNIA - 20239

OSVDB - 25756

SREASON - 939


Last Updated: 27 May 2016 10:42:39