Vulnerability Description
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.
CVSS Score
2.6
LOW
AV:N/AC:H/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | 4.0 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
- http://rhn.redhat.com/errata/RHSA-2006-0549.html
- http://secunia.com/advisories/19599ExploitPatchVendor Advisory
- http://secunia.com/advisories/19775
- http://secunia.com/advisories/19979
- http://secunia.com/advisories/21031
- http://secunia.com/advisories/21125
- http://secunia.com/advisories/21135
- http://secunia.com/advisories/21202
- http://secunia.com/advisories/21252
- http://secunia.com/advisories/21723
- http://secunia.com/advisories/22225
- http://securityreason.com/achievement_securityalert/36ExploitPatch
- http://securityreason.com/securityalert/677
- http://securitytracker.com/id?1015881
FAQ
What is CVE-2006-1494?
CVE-2006-1494 is a vulnerability with a CVSS score of 2.6 (LOW). Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempn...
How severe is CVE-2006-1494?
CVE-2006-1494 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1494?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.