Vulnerability Description
Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the edit parameter, which can be leveraged to execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Onedotoh | Simple File Manager | 0.24a |
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30687
- https://www.exploit-db.com/exploits/2883
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30687
- https://www.exploit-db.com/exploits/2883
FAQ
What is CVE-2006-6376?
CVE-2006-6376 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a downl...
How severe is CVE-2006-6376?
CVE-2006-6376 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6376?
Check the references section above for vendor advisories and patch information. Affected products include: Onedotoh Simple File Manager.