Vulnerability Description
LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lifetype | Lifetype | 1.0.2 |
References
- http://securityreason.com/securityalert/1980
- http://www.lifetype.net/blog.php/lifetype-development-journal/2006/11/30/full_paPatchVendor Advisory
- http://www.netvigilance.com/advisory0008ExploitPatchVendor Advisory
- http://www.osvdb.org/30685Vendor Advisory
- http://www.securityfocus.com/archive/1/453135/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30635
- http://securityreason.com/securityalert/1980
- http://www.lifetype.net/blog.php/lifetype-development-journal/2006/11/30/full_paPatchVendor Advisory
- http://www.netvigilance.com/advisory0008ExploitPatchVendor Advisory
- http://www.osvdb.org/30685Vendor Advisory
- http://www.securityfocus.com/archive/1/453135/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30635
FAQ
What is CVE-2006-6112?
CVE-2006-6112 is a vulnerability with a CVSS score of 5.0 (MEDIUM). LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct reque...
How severe is CVE-2006-6112?
CVE-2006-6112 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6112?
Check the references section above for vendor advisories and patch information. Affected products include: Lifetype Lifetype.