CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-3387

Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, which can be used to execute PHP code that has been injected into a log file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.055

EPSS Ranking 89.9%

CVSS Severity

CVSS v2 Score 5.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26619
https://www.exploit-db.com/exploits/1812
https://exchange.xforce.ibmcloud.com/vulnerabilities/26619
https://www.exploit-db.com/exploits/1812

Products affected by CVE-2006-3387

Fusionphp » Fusion News » Version: 1.0

cpe:2.3:a:fusionphp:fusion_news:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-3387

Products

Pricing

Contact Us