Vulnerability CVE-2006-4651
Published: 2006-09-08   Modified: 2012-02-12

Description:
Directory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via .. (dot dot) sequence in the file parameter.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
php download local file include
s3rv3r_hack3r
12.09.2006

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Threesquared.net -> Php download script 

 References:
http://securityreason.com/securityalert/1528
http://www.securityfocus.com/archive/1/445269/100/0/threaded
http://www.securityfocus.com/bid/19872
http://www.vupen.com/english/advisories/2006/3479
https://exchange.xforce.ibmcloud.com/vulnerabilities/28751
Copyright 2024, cxsecurity.com

 

Back to Top