CVE-2006-6047

{"id": "CVE-2006-6047", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "authentication": "MULTIPLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-11-22T00:07:00.000", "references": [{"url": "http://secunia.com/advisories/22885", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.0xcafebabe.it/sploits/etm_0612_remote_com.pl", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.etomite.org/forums/index.php?showtopic=6388", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/451838/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/451930/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21135", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4558", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30329", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/2790", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en manager/index.php en Etomite 0.6.1.2 permite a administradores remotos autenticados incluir y ejecutar ficheros locales mediante una secuencia .. en el par\u00e1metro f, como ha sido demostrado inyectando secuencias PHP en un fichero de log de Apache HTTP Server, el cual es entonces incluido por index.php."}], "lastModified": "2018-10-17T21:46:22.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:etomite:etomite:0.6.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E547A925-A065-4453-B550-1FF960B70129"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}