5
CVE-2006-0567
- EPSS 1.69%
- Veröffentlicht 07.02.2006 18:06:00
- Zuletzt bearbeitet 16.06.2026 22:20:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginDirectory traversal vulnerability in Files Xaraya module before 0.5.1, when the Archive Directory field on the Modify Config page is blank, allows remote attackers to access files outside of the web root via ".." (dot dot) sequences.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Curtis Farnham ≫ Files Xaraya Module Version0.3.0
Curtis Farnham ≫ Files Xaraya Module Version0.4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.69% | 0.741 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
http://www.vupen.com/english/advisories/2006/0371
http://xaraya.curtisfarnham.com/articles/Files_0.5.1_-_Security_Fix_and_other_things
https://exchange.xforce.ibmcloud.com/vulnerabilities/24393