Vulnerability Description
index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure.
CVSS Score
5.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Indexcor | Ezdatabase | <= 2.1.1 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0515.html (Exploit, Vendor Advisory)
- http://secunia.com/advisories/18043 (Vendor Advisory)
- http://www.osvdb.org/22684
- http://www.securityfocus.com/archive/1/422071/100/0/threaded
- http://www.securityfocus.com/bid/16257 (Exploit)
- http://zur.homelinux.com/Advisories/ezdatabase_dir_trans.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24134
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24135
FAQ
What is CVE-2006-0315?
CVE-2006-0315 is a vulnerability with a CVSS score of 5.8 (MEDIUM). index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, ...
How severe is CVE-2006-0315?
CVE-2006-0315 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0315?
Check the references section above for vendor advisories and patch information. Affected products include: Indexcor Ezdatabase.