exploitDog

CVE-2006-2060

Опубликовано: 26 апр. 2006

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:invision_power_services:invision_power_board:2.0.x:*:*:*:*:*:*:*

cpe:2.3:a:invision_power_services:invision_power_board:2.1.x:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.03033

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-fq5p-x8r5-xjmq

github

почти 4 года назад

Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename.

EPSS

Процентиль: 86%

0.03033

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other