Vulnerability Description
index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpclanwebsite | Phpclanwebsite | 1.23.1 |
References
- http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt (Exploit, Vendor Advisory)
- http://www.osvdb.org/22721
- http://www.securityfocus.com/archive/1/423145/100/0/threaded
- http://www.securityfocus.com/bid/16391
FAQ
What is CVE-2006-0445?
CVE-2006-0445 is a vulnerability with a CVSS score of 4.0 (MEDIUM). index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display...
How severe is CVE-2006-0445?
CVE-2006-0445 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0445?
Check the references section above for vendor advisories and patch information. Affected products include: Phpclanwebsite Phpclanwebsite.