Vulnerability Details CVE-2006-0445
index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.6%
CVSS Severity
CVSS v2 Score 4.0
References
- http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt
- http://www.osvdb.org/22721
- http://www.securityfocus.com/archive/1/423145/100/0/threaded
- http://www.securityfocus.com/bid/16391
- http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt
- http://www.osvdb.org/22721
- http://www.securityfocus.com/archive/1/423145/100/0/threaded
- http://www.securityfocus.com/bid/16391
Products affected by CVE-2006-0445
-
cpe:2.3:a:phpclanwebsite:phpclanwebsite:1.23.1