CVE-2006-0869

EPSS 3.92%
Veröffentlicht 23.02.2006 23:02:00
Zuletzt bearbeitet 16.06.2026 22:21:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

NVD 29 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pear ≫ Pear Liveuser Version0.3

Pear ≫ Pear Liveuser Version0.5

Pear ≫ Pear Liveuser Version0.5.1

Pear ≫ Pear Liveuser Version0.6

Pear ≫ Pear Liveuser Version0.6.1

Pear ≫ Pear Liveuser Version0.7

Pear ≫ Pear Liveuser Version0.8

Pear ≫ Pear Liveuser Version0.8.1

Pear ≫ Pear Liveuser Version0.9

Pear ≫ Pear Liveuser Version0.10.0

Pear ≫ Pear Liveuser Version0.11.0

Pear ≫ Pear Liveuser Version0.11.1

Pear ≫ Pear Liveuser Version0.12.0

Pear ≫ Pear Liveuser Version0.13.0

Pear ≫ Pear Liveuser Version0.13.1

Pear ≫ Pear Liveuser Version0.13.2

Pear ≫ Pear Liveuser Version0.13.3

Pear ≫ Pear Liveuser Version0.14.0

Pear ≫ Pear Liveuser Version0.15.0

Pear ≫ Pear Liveuser Version0.15.1

Pear ≫ Pear Liveuser Version0.16.0

Pear ≫ Pear Liveuser Version0.16.1

Pear ≫ Pear Liveuser Version0.16.2

Pear ≫ Pear Liveuser Version0.16.3

Pear ≫ Pear Liveuser Version0.16.4

Pear ≫ Pear Liveuser Version0.16.5

Pear ≫ Pear Liveuser Version0.16.6

Pear ≫ Pear Liveuser Version0.16.7

Pear ≫ Pear Liveuser Version0.16.8

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.92%	0.89

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://pear.php.net/package/LiveUser/download/

Patch

http://securityreason.com/securityalert/466

http://securitytracker.com/id?1015659

Patch

http://www.gulftech.org/?node=research&article_id=00103-02212006

Vendor Advisory

http://www.securityfocus.com/archive/1/425711/100/0/threaded

http://www.securityfocus.com/bid/16761

http://www.vupen.com/english/advisories/2006/0697

https://exchange.xforce.ibmcloud.com/vulnerabilities/24852

https://exchange.xforce.ibmcloud.com/vulnerabilities/24853

https://nvd.nist.gov/vuln/detail/CVE-2006-0869

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0869

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0869

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2006-0869