Vulnerability Details CVE-2006-4878
Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to affect 1.0.1, and demonstrated for code execution by uploading and accessing an avatar file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/22014
- http://securityreason.com/securityalert/1607
- http://www.osvdb.org/28964
- http://www.securityfocus.com/archive/1/446318/100/0/threaded
- http://www.securityfocus.com/bid/20061
- http://www.securityfocus.com/bid/20616
- http://www.vupen.com/english/advisories/2006/3688
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29673
- https://www.exploit-db.com/exploits/2593
- http://secunia.com/advisories/22014
- http://securityreason.com/securityalert/1607
- http://www.osvdb.org/28964
- http://www.securityfocus.com/archive/1/446318/100/0/threaded
- http://www.securityfocus.com/bid/20061
- http://www.securityfocus.com/bid/20616
- http://www.vupen.com/english/advisories/2006/3688
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29673
- https://www.exploit-db.com/exploits/2593
Products affected by CVE-2006-4878
-
cpe:2.3:a:david_bennett:php-post:*