Vulnerability Details CVE-2006-0869
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.142
EPSS Ranking 94.0%
CVSS Severity
CVSS v2 Score 6.4
References
- http://pear.php.net/package/LiveUser/download/
- http://securityreason.com/securityalert/466
- http://securitytracker.com/id?1015659
- http://www.gulftech.org/?node=research&article_id=00103-02212006
- http://www.securityfocus.com/archive/1/425711/100/0/threaded
- http://www.securityfocus.com/bid/16761
- http://www.vupen.com/english/advisories/2006/0697
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24852
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24853
- http://pear.php.net/package/LiveUser/download/
- http://securityreason.com/securityalert/466
- http://securitytracker.com/id?1015659
- http://www.gulftech.org/?node=research&article_id=00103-02212006
- http://www.securityfocus.com/archive/1/425711/100/0/threaded
- http://www.securityfocus.com/bid/16761
- http://www.vupen.com/english/advisories/2006/0697
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24852
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24853
Products affected by CVE-2006-0869
-
cpe:2.3:a:pear:pear_liveuser:0.10.0
-
cpe:2.3:a:pear:pear_liveuser:0.11.0
-
cpe:2.3:a:pear:pear_liveuser:0.11.1
-
cpe:2.3:a:pear:pear_liveuser:0.12.0
-
cpe:2.3:a:pear:pear_liveuser:0.13.0
-
cpe:2.3:a:pear:pear_liveuser:0.13.1
-
cpe:2.3:a:pear:pear_liveuser:0.13.2
-
cpe:2.3:a:pear:pear_liveuser:0.13.3
-
cpe:2.3:a:pear:pear_liveuser:0.14.0
-
cpe:2.3:a:pear:pear_liveuser:0.15.0
-
cpe:2.3:a:pear:pear_liveuser:0.15.1
-
cpe:2.3:a:pear:pear_liveuser:0.16.0
-
cpe:2.3:a:pear:pear_liveuser:0.16.1
-
cpe:2.3:a:pear:pear_liveuser:0.16.2
-
cpe:2.3:a:pear:pear_liveuser:0.16.3
-
cpe:2.3:a:pear:pear_liveuser:0.16.4
-
cpe:2.3:a:pear:pear_liveuser:0.16.5
-
cpe:2.3:a:pear:pear_liveuser:0.16.6
-
cpe:2.3:a:pear:pear_liveuser:0.16.7
-
cpe:2.3:a:pear:pear_liveuser:0.16.8
-
cpe:2.3:a:pear:pear_liveuser:0.3
-
cpe:2.3:a:pear:pear_liveuser:0.5
-
cpe:2.3:a:pear:pear_liveuser:0.5.1
-
cpe:2.3:a:pear:pear_liveuser:0.6
-
cpe:2.3:a:pear:pear_liveuser:0.6.1
-
cpe:2.3:a:pear:pear_liveuser:0.7
-
cpe:2.3:a:pear:pear_liveuser:0.8
-
cpe:2.3:a:pear:pear_liveuser:0.8.1
-
cpe:2.3:a:pear:pear_liveuser:0.9