Vulnerability Details CVE-2006-1162
Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.056
EPSS Ranking 90.0%
CVSS Severity
CVSS v2 Score 5.1
References
- http://hamid.ir/security/nodez.txt
- http://secunia.com/advisories/19165
- http://securitytracker.com/id?1015747
- http://www.osvdb.org/23774
- http://www.securityfocus.com/bid/17066
- http://www.vupen.com/english/advisories/2006/0899
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25119
- http://hamid.ir/security/nodez.txt
- http://secunia.com/advisories/19165
- http://securitytracker.com/id?1015747
- http://www.osvdb.org/23774
- http://www.securityfocus.com/bid/17066
- http://www.vupen.com/english/advisories/2006/0899
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25119