CVE-2006-1162

EPSS 2.7%

Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/1588unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://hamid.ir/security/nodez.txt http://secunia.com/advisories/19165 http://securitytracker.com/id?1015747 https://exchange.xforce.ibmcloud.com/vulnerabilities/25119 http://www.osvdb.org/23774 http://www.securityfocus.com/bid/17066 http://www.vupen.com/english/advisories/2006/0899