CVE-2006-1480

Sažetak

Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.

Reference

http://secunia.com/advisories/19400
http://www.osvdb.org/24160
http://www.securityfocus.com/bid/17228
http://www.vupen.com/english/advisories/2006/1108
https://exchange.xforce.ibmcloud.com/vulnerabilities/25443
https://www.exploit-db.com/exploits/1608

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-10-2017 - 01:29

Objavljeno

29-03-2006 - 01:06