CVE-2006-3365

Опубликовано: 06 июл. 2006

Источник: nvd

CVSS2: 2.6

EPSS Низкий

Описание

V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.

Ссылки

http://securitytracker.com/id?1016340
Exploit
http://www.securityfocus.com/archive/1/437755/100/200/threaded
http://www.securityfocus.com/archive/1/438069/100/200/threaded
http://www.securityfocus.com/bid/18543
http://www.vupen.com/english/advisories/2006/2474
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27395
http://securitytracker.com/id?1016340
Exploit
http://www.securityfocus.com/archive/1/437755/100/200/threaded
http://www.securityfocus.com/archive/1/438069/100/200/threaded
http://www.securityfocus.com/bid/18543
http://www.vupen.com/english/advisories/2006/2474
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27395

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:v3_chat:v3_chat:beta:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00704

Низкий

2.6 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-xxw5-5p2v-w5j9

github

больше 3 лет назад