Vulnerability Description
Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue; however, this might have been due to certain behaviors of rmdir.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| David Ravenscroft | Hithost | 1.0.0 |
References
- http://secunia.com/advisories/19155Vendor Advisory
- http://www.securityfocus.com/archive/1/426931/100/0/threaded
- http://www.securityfocus.com/archive/1/427631/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25106
- http://secunia.com/advisories/19155Vendor Advisory
- http://www.securityfocus.com/archive/1/426931/100/0/threaded
- http://www.securityfocus.com/archive/1/427631/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25106
FAQ
What is CVE-2006-1235?
CVE-2006-1235 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the...
How severe is CVE-2006-1235?
CVE-2006-1235 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1235?
Check the references section above for vendor advisories and patch information. Affected products include: David Ravenscroft Hithost.