Vulnerability Description
Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jemscripts | Downloadcontrol | 1.0 |
References
- http://securityreason.com/securityalert/943
- http://www.osvdb.org/25716
- http://www.securityfocus.com/archive/1/434533/100/0/threaded
- http://www.securityfocus.com/bid/18041 (Exploit)
- http://www.vupen.com/english/advisories/2006/1928
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26576
FAQ
What is CVE-2006-2552?
CVE-2006-2552 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally...
How severe is CVE-2006-2552?
CVE-2006-2552 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-2552?
Check the references section above for vendor advisories and patch information. Affected products include: Jemscripts Downloadcontrol.