← Voltar para CVEs
CVE-2006-0713
N/ADescricao
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado2/15/2006
Ultima modificacao4/16/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
linpha:linpha
Referencias
http://retrogod.altervista.org/linpha_10_local.html(cve@mitre.org)
http://secunia.com/advisories/18808(cve@mitre.org)
http://securityreason.com/securityalert/426(cve@mitre.org)
http://www.securityfocus.com/archive/1/424729/100/0/threaded(cve@mitre.org)
http://www.securityfocus.com/bid/16592(cve@mitre.org)
http://www.vupen.com/english/advisories/2006/0535(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24663(cve@mitre.org)
http://retrogod.altervista.org/linpha_10_local.html(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18808(af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/426(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/424729/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/16592(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0535(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24663(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.