Vulnerability Description
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.
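Added example (not part of the original advisory and not LinPHA code): a small access-log check for the pattern described above, flagging requests to the five listed scripts whose lang or language parameter contains a ".." path segment, including URL-encoded and double-encoded forms. The Apache-style log format, the /linpha/ install path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script -> parameter pairs named in the CVE-2006-0713 description.
AFFECTED = {
    "docs/index.php": "lang",
    "install/install.php": "language",
    "install/sec_stage_install.php": "language",
    "install/third_stage_install.php": "language",
    "install/forth_stage_install.php": "language",
}
# Assumption: Apache-style access log with the request line in double quotes.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def has_traversal(value, max_decode=3):
    """True if value holds a '..' path segment, also after repeated URL-decoding."""
    for _ in range(max_decode + 1):
        if ".." in re.split(r"[\\/]", value):
            return True
        value = unquote(value)
    return False

def flag_requests(log_lines):
    """Return (line_no, script, decoded_value) for each suspicious request."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        for script, param in AFFECTED.items():
            if not unquote(url.path).endswith("/" + script):
                continue
            # parse_qsl already URL-decodes once; has_traversal peels further layers.
            for key, value in parse_qsl(url.query, keep_blank_values=True):
                if key == param and has_traversal(value):
                    hits.append((n, script, value))
    return hits

# Constructed sample lines (documentation IPs, hypothetical /linpha/ install path).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Feb/2006:10:00:01 +0000] "GET /linpha/docs/index.php?lang=en HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Feb/2006:10:00:07 +0000] "GET /linpha/docs/index.php?lang=..%2F..%2Fsome%2Ffile HTTP/1.1" 200 312',
    '192.0.2.44 - - [10/Feb/2006:10:00:09 +0000] "GET /linpha/install/install.php?language=%252e%252e%252fsome%252ffile HTTP/1.1" 200 298',
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE_LOG))
```

This inspects query strings only; parameters sent in a POST body do not appear in a standard access log and need request-body logging or a WAF rule to be seen.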
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linpha | Linpha | 0.9.0 |
References
- http://retrogod.altervista.org/linpha_10_local.html (Exploit)
- http://secunia.com/advisories/18808 (Vendor Advisory)
- http://securityreason.com/securityalert/426
- http://www.securityfocus.com/archive/1/424729/100/0/threaded
- http://www.securityfocus.com/bid/16592 (Exploit)
- http://www.vupen.com/english/advisories/2006/0535
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24663
FAQ
What is CVE-2006-0713?
CVE-2006-0713 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in ...
How severe is CVE-2006-0713?
CVE-2006-0713 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0713?
Check the references section above for vendor advisories and patch information. Affected products include: Linpha Linpha.