Vulnerability Details : CVE-2006-2519
Potential exploit
Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition.
Vulnerability category: Directory traversal
Products affected by CVE-2006-2519
- cpe:2.3:a:phpwcms:phpwcms:1.2.5_dev:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-2519
1.52%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-2519
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.6
|
LOW | AV:N/AC:H/Au:N/C:N/I:P/A:N |
4.9
|
2.9
|
NIST |
References for CVE-2006-2519
-
http://secunia.com/advisories/20239
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/26639
-
http://www.vupen.com/english/advisories/2006/1934
-
http://securityreason.com/securityalert/939
-
http://www.kapda.ir/advisory-331.html
Exploit;Vendor Advisory
-
http://www.securityfocus.com/archive/1/434706/100/0/threaded
-
http://www.securityfocus.com/bid/18062
-
http://www.osvdb.org/25756
Jump to