Vulnerability Description
phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpwcms | Phpwcms | 1.2.5_dev |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0423.htmlExploit
- http://www.kapda.ir/advisory-331.htmlExploit
- http://www.osvdb.org/25752
- http://www.osvdb.org/25753
- http://www.vupen.com/english/advisories/2006/1934
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26637
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0423.htmlExploit
- http://www.kapda.ir/advisory-331.htmlExploit
- http://www.osvdb.org/25752
- http://www.osvdb.org/25753
- http://www.vupen.com/english/advisories/2006/1934
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26637
FAQ
What is CVE-2006-6886?
CVE-2006-6886 is a vulnerability with a CVSS score of 5.0 (MEDIUM). phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which r...
How severe is CVE-2006-6886?
CVE-2006-6886 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6886?
Check the references section above for vendor advisories and patch information. Affected products include: Phpwcms Phpwcms.