exploitDog

CVE-2006-0625

Опубликовано: 09 фев. 2006

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:spip:spip:1.8.2d:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:1.8.2e:*:*:*:*:*:*:*

cpe:2.3:a:spip:spip:1.8.2g:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.09677

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2006-0625

debian

почти 20 лет назад

Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and e ...

GHSA-p4gj-wxqq-wmc7

github

почти 4 года назад

Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.

EPSS

Процентиль: 93%

0.09677

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other