CVE-2006-1346 : Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards

Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.

Published 2006-03-22 01:02:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2006-1346

Greg Neustaetter » Gcards
Versions up to, including, (<=) 1.45
cpe:2.3:a:greg_neustaetter:gcards:*:*:*:*:*:*:*:*
Matching versions
Greg Neustaetter » Gcards » Version: 1.43
cpe:2.3:a:greg_neustaetter:gcards:1.43:*:*:*:*:*:*:*
Matching versions
Greg Neustaetter » Gcards » Version: 1.44
cpe:2.3:a:greg_neustaetter:gcards:1.44:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-1346

EPSS FAQ

8.60%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 92 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-1346

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

References for CVE-2006-1346

Jump to

Vulnerability Details : CVE-2006-1346

Products affected by CVE-2006-1346

Exploit prediction scoring system (EPSS) score for CVE-2006-1346

CVSS scores for CVE-2006-1346

References for CVE-2006-1346