CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Alstrasoft: >> E-Friends >> 4.85 Security Vulnerabilities

CVE-2006-4913

Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file.

CVSS Score

7.5

EPSS Score

0.063

Published

2006-09-21

Page 1

Vulnerabilities

Vulnerable Software

Alstrasoft: >> E-Friends >> 4.85 Security Vulnerabilities

Products

Pricing

Contact Us