Vulnerability Description
V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| V3 Chat | V3 Chat | beta |
Related Weaknesses (CWE)
References
- http://securitytracker.com/id?1016340Exploit
- http://www.securityfocus.com/archive/1/437755/100/200/threaded
- http://www.securityfocus.com/archive/1/438069/100/200/threaded
- http://www.securityfocus.com/bid/18543
- http://www.vupen.com/english/advisories/2006/2474Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27395
- http://securitytracker.com/id?1016340Exploit
- http://www.securityfocus.com/archive/1/437755/100/200/threaded
- http://www.securityfocus.com/archive/1/438069/100/200/threaded
- http://www.securityfocus.com/bid/18543
- http://www.vupen.com/english/advisories/2006/2474Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27395
FAQ
What is CVE-2006-3365?
CVE-2006-3365 is a vulnerability with a CVSS score of 2.6 (LOW). V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an err...
How severe is CVE-2006-3365?
CVE-2006-3365 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3365?
Check the references section above for vendor advisories and patch information. Affected products include: V3 Chat V3 Chat.