Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2006-0869

Опубликовано: 23 фев. 2006
Источник: nvd
CVSS2: 6.4
EPSS Средний

Описание

Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pear:pear_liveuser:0.3:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.5:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.6:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.7:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.8:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.9:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.13.0:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.13.1:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.13.2:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.13.3:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.14.0:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.15.0:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.15.1:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.16.0:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.16.1:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.16.2:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.16.3:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.16.4:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.16.5:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.16.6:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.16.7:*:*:*:*:*:*:*
cpe:2.3:a:pear:pear_liveuser:0.16.8:*:*:*:*:*:*:*

EPSS

Процентиль: 94%
0.14177
Средний

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

github логотип

GHSA-3382-x3p8-5gv7

github
почти 4 года назад

Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.

EPSS

Процентиль: 94%
0.14177
Средний

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other