Vulnerability Details : CVE-2006-0869
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
Vulnerability category: Directory traversal
Products affected by CVE-2006-0869
- cpe:2.3:a:pear:pear_liveuser:0.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.16.5:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.16.6:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.16.0:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.16.7:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.16.8:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.16.3:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.16.4:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:pear:pear_liveuser:0.9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0869
- 1.98%: Probability of exploitation activity in the next 30 days
- ~89%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-0869
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST | |
References for CVE-2006-0869
- http://www.gulftech.org/?node=research&article_id=00103-02212006 (Vendor Advisory)
- http://securityreason.com/securityalert/466
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24852
- http://securitytracker.com/id?1015659 (Patch)
- http://www.vupen.com/english/advisories/2006/0697
- http://pear.php.net/package/LiveUser/download/ (Patch)
- http://www.securityfocus.com/archive/1/425711/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24853
- http://www.securityfocus.com/bid/16761