CVE-2006-2698

Sažetak

Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php.

Reference

http://kapda.ir/advisory-336.html
http://secunia.com/advisories/20316
http://securityreason.com/securityalert/993
http://www.geeklog.net/index.php?topic=Security
http://www.securityfocus.com/archive/1/435295/100/0/threaded
http://www.securityfocus.com/bid/18154
http://www.vupen.com/english/advisories/2006/2050
https://exchange.xforce.ibmcloud.com/vulnerabilities/26864

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

18-10-2018 - 16:41

Objavljeno

31-05-2006 - 10:06