Vulnerability Description
Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters.
CVSS Score
6.4
MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simplog | Simplog | <= 1.0.2 |
References
- http://notlegal.ws/simplogsploit.txtURL Repurposed
- http://secunia.com/advisories/19115Vendor Advisory
- http://securityreason.com/securityalert/542
- http://www.securityfocus.com/archive/1/426769/100/0/threaded
- http://www.securityfocus.com/bid/16965
- http://www.vupen.com/english/advisories/2006/0839
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25067
- http://notlegal.ws/simplogsploit.txtURL Repurposed
- http://secunia.com/advisories/19115Vendor Advisory
- http://securityreason.com/securityalert/542
- http://www.securityfocus.com/archive/1/426769/100/0/threaded
- http://www.securityfocus.com/bid/16965
- http://www.vupen.com/english/advisories/2006/0839
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25067
FAQ
What is CVE-2006-1073?
CVE-2006-1073 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters.
How severe is CVE-2006-1073?
CVE-2006-1073 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1073?
Check the references section above for vendor advisories and patch information. Affected products include: Simplog Simplog.