Vulnerability Description
(1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL injection.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alstrasoft | Webhost Directory | 1.2 |
References
- http://secunia.com/advisories/20276Vendor Advisory
- http://secunia.com/advisories/20278Vendor Advisory
- http://securityreason.com/securityalert/955
- http://www.securityfocus.com/archive/1/434912/100/0/threaded
- http://www.sitepoint.com/forums/showthread.php?t=311969
- http://www.vupen.com/english/advisories/2006/1972
- http://www.vupen.com/english/advisories/2006/1973
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26656
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26661
- http://secunia.com/advisories/20276Vendor Advisory
- http://secunia.com/advisories/20278Vendor Advisory
- http://securityreason.com/securityalert/955
- http://www.securityfocus.com/archive/1/434912/100/0/threaded
- http://www.sitepoint.com/forums/showthread.php?t=311969
- http://www.vupen.com/english/advisories/2006/1972
FAQ
What is CVE-2006-2617?
CVE-2006-2617 is a vulnerability with a CVSS score of 5.0 (MEDIUM). (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, wh...
How severe is CVE-2006-2617?
CVE-2006-2617 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2617?
Check the references section above for vendor advisories and patch information. Affected products include: Alstrasoft Webhost Directory.