7.5

CVE-2006-1478

Exploit

EPSS 4.76%
Veröffentlicht 29.03.2006 01:06:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Turnkey Web Tools ≫ Php Live Helper Version1.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.76%	0.888

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/19428

http://www.securityfocus.com/archive/1/428976/100/0/threaded

http://www.turnkeywebtools.com/forum/showthread.php?p=10415

Patch

http://www.worlddefacers.de/Public/WD-TMPLH.txt

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/25489

http://securityreason.com/securityalert/641

https://nvd.nist.gov/vuln/detail/CVE-2006-1478

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1478

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1478

EUVD