CVE-2006-0869
CVE-2006-0869
Vexday Risk Score
23Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS —EPSS 3.9%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Ciclo de vida
23 feb 2006Publicada en NVD
21 feb 2016PoC pública
Recomendación: Planificar corrección próxima — ya existe PoC pública.
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/43834no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://pear.php.net/package/LiveUser/download/http://securityreason.com/securityalert/466http://securitytracker.com/id?1015659https://exchange.xforce.ibmcloud.com/vulnerabilities/24852https://exchange.xforce.ibmcloud.com/vulnerabilities/24853http://www.gulftech.org/?node=research&article_id=00103-02212006http://www.securityfocus.com/archive/1/425711/100/0/threadedhttp://www.securityfocus.com/bid/16761http://www.vupen.com/english/advisories/2006/0697