Vulnerability Description
view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jam Warehouse | KnowledgeTree Open Source | 3.0.3 |
References
- http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html
- http://www.osvdb.org/26297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26943
FAQ
What is CVE-2006-2886?
CVE-2006-2886 is a vulnerability with a CVSS score of 4.3 (MEDIUM). view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error...
How severe is CVE-2006-2886?
CVE-2006-2886 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-2886?
Check the references section above for vendor advisories and patch information. Affected products include: Jam Warehouse KnowledgeTree Open Source.