CVE-2006-7086

Опубликовано: 02 мар. 2007

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter.

Ссылки

http://marc.info/?l=bugtraq&m=116370290529916&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=116373064308228&w=2
Third Party Advisory
http://secunia.com/advisories/22970
Permissions Required
http://www.securityfocus.com/bid/21112
Exploit
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2006/4585
Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/30340
Third Party Advisory
VDB Entry
http://marc.info/?l=bugtraq&m=116370290529916&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=116373064308228&w=2
Third Party Advisory
http://secunia.com/advisories/22970
Permissions Required
http://www.securityfocus.com/bid/21112
Exploit
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2006/4585
Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/30340
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mrcgiguy:hot_links:-:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05445

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-3mff-fpv7-5r9m

github

почти 4 года назад