CVE-2006-1114 : Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary

Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php.

Published 2006-03-09 13:06:00

Updated 2018-10-18 16:30:50

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2006-1114

Probability of exploitation activity in the next 30 days: 1.71%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-1114

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

References for CVE-2006-1114

Products affected by CVE-2006-1114

Gerrit Van Aaken » Loudblog » Version: 0.41
cpe:2.3:a:gerrit_van_aaken:loudblog:0.41:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-1114

Exploit prediction scoring system (EPSS) score for CVE-2006-1114

CVSS scores for CVE-2006-1114

References for CVE-2006-1114

Products affected by CVE-2006-1114