CVE-2006-2532

Sažetak

stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set.

Reference

http://securityreason.com/securityalert/940
http://www.securityfocus.com/archive/1/434691/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26603

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

18-10-2018 - 16:40

Objavljeno

22-05-2006 - 23:10