Vulnerability Details : CVE-2006-0244
Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root
Vulnerability category: Directory traversal
Products affected by CVE-2006-0244
- cpe:2.3:a:phpxplorer:phpxplorer:0.9.33:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0244
4.31%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-0244
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2006-0244
-
http://www.vupen.com/english/advisories/2006/0232
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://secunia.com/advisories/18518
About Secunia Research | FlexeraVendor Advisory
-
http://www.securityfocus.com/archive/1/421997/100/0/threaded
-
http://www.arrelnet.com/advisories/adv20060116.html
Just a moment...Exploit;Vendor Advisory
-
http://www.securityfocus.com/bid/16263
Exploit
-
http://www.securityfocus.com/archive/1/422158/100/0/threaded
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/39982
phpXplorer sShare directory traversal CVE-2006-0434 Vulnerability Report
-
http://securityreason.com/securityalert/353
Directory traversal in phpXplorer - CXSecurity.com
Jump to