CVE-2006-3360 — MEDIUM (5.0)

Q: How severe is CVE-2006-3360?

CVE-2006-3360 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-3360?

Check the references section above for vendor advisories and patch information. Affected products include: Phpsysinfo Phpsysinfo.

Vulnerability Description

Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Phpsysinfo	Phpsysinfo	<= 2.5.1

Related Weaknesses (CWE)

CWE-22

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.htmlBroken LinkExploit
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.htmlBroken LinkExploit
http://secunia.com/advisories/20939Broken LinkVendor Advisory
http://securitytracker.com/id?1016440Broken LinkThird Party AdvisoryVDB Entry
http://www.osvdb.org/27015Broken Link
http://www.securityfocus.com/bid/18868Broken LinkThird Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2006/2668Broken LinkPermissions RequiredThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27527Third Party AdvisoryVDB Entry
https://github.com/advisories/GHSA-2wxv-3g4v-p76pThird Party Advisory
https://github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745Issue TrackingThird Party Advisory
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.htmlBroken LinkExploit
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.htmlBroken LinkExploit
http://secunia.com/advisories/20939Broken LinkVendor Advisory
http://securitytracker.com/id?1016440Broken LinkThird Party AdvisoryVDB Entry
http://www.osvdb.org/27015Broken Link

FAQ

What is CVE-2006-3360?

CVE-2006-3360 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in t...

How severe is CVE-2006-3360?

CVE-2006-3360 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-3360?

Check the references section above for vendor advisories and patch information. Affected products include: Phpsysinfo Phpsysinfo.