CVE-2006-7117

Sažetak

Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.

Reference

http://www.securityfocus.com/bid/21352
https://exchange.xforce.ibmcloud.com/vulnerabilities/30570
https://exchange.xforce.ibmcloud.com/vulnerabilities/30572
https://www.exploit-db.com/exploits/2863

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-10-2017 - 01:31

Objavljeno

06-03-2007 - 01:19