Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.html | Broken Link Exploit |
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.html | Broken Link Exploit |
http://secunia.com/advisories/20939 | Broken Link Vendor Advisory |
http://securitytracker.com/id?1016440 | Broken Link Third Party Advisory VDB Entry |
http://www.osvdb.org/27015 | Broken Link |
http://www.securityfocus.com/bid/18868 | Broken Link Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2006/2668 | Broken Link Permissions Required Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/27527 | Third Party Advisory VDB Entry |
https://github.com/advisories/GHSA-2wxv-3g4v-p76p | Third Party Advisory |
https://github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745 | Issue Tracking Third Party Advisory |
Configurations
History
28 Mar 2023, 16:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:phpsysinfo:phpsysinfo:2.0:*:*:*:*:*:*:* cpe:2.3:a:phpsysinfo:phpsysinfo:2.4:*:*:*:*:*:*:* cpe:2.3:a:phpsysinfo:phpsysinfo:2.3:*:*:*:*:*:*:* |
|
References | (OSVDB) http://www.osvdb.org/27015 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/20939 - Broken Link, Vendor Advisory | |
References | (FULLDISC) http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.html - Broken Link, Exploit | |
References | (FULLDISC) http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.html - Broken Link, Exploit | |
References | (SECTRACK) http://securitytracker.com/id?1016440 - Broken Link, Third Party Advisory, VDB Entry | |
References | (VUPEN) http://www.vupen.com/english/advisories/2006/2668 - Broken Link, Permissions Required, Third Party Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/27527 - Third Party Advisory, VDB Entry | |
References | (MISC) https://github.com/advisories/GHSA-2wxv-3g4v-p76p - Third Party Advisory | |
References | (MISC) https://github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745 - Issue Tracking, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/18868 - Broken Link, Third Party Advisory, VDB Entry | |
CWE | CWE-22 |
18 Jan 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2006-07-06 20:05
Updated : 2023-12-10 10:28
NVD link : CVE-2006-3360
Mitre link : CVE-2006-3360
CVE.ORG link : CVE-2006-3360
JSON object : View
Products Affected
phpsysinfo
- phpsysinfo
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')