2.6
CVE-2006-2519
- EPSS 1.65%
- Veröffentlicht 22.05.2006 22:02:00
- Zuletzt bearbeitet 16.06.2026 22:25:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginDirectory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.65% | 0.734 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:N/I:P/A:N
|
http://secunia.com/advisories/20239
http://securityreason.com/securityalert/939
http://www.kapda.ir/advisory-331.html
http://www.securityfocus.com/archive/1/434706/100/0/threaded
http://www.vupen.com/english/advisories/2006/1934
http://www.osvdb.org/25756
http://www.securityfocus.com/bid/18062
https://exchange.xforce.ibmcloud.com/vulnerabilities/26639