CVE-2006-0244

Опубликовано: 18 янв. 2006

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpxplorer:phpxplorer:0.9.33:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.13759

Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-cfr7-m7j6-q7hh

github

почти 4 года назад

** DISPUTED ** Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root.