CVE-2006-3938

DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, and (12) class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages.
Data provided by the National Vulnerability Database (NVD)
Dotclear Dotclear Version 1.2.1
Dotclear Dotclear Version 1.2.2
Dotclear Dotclear Version 1.2.3
Dotclear Dotclear Version 1.2.4
No warning was found for this CVE.
EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 2.09% 0.792
CVSS metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9 AV:N/AC:L/Au:N/C:P/I:N/A:N
No CWE information has been published yet.
http://securityreason.com/securityalert/1307
http://www.osvdb.org/29812
http://www.osvdb.org/29813
http://www.osvdb.org/29814
http://www.osvdb.org/29815
http://www.osvdb.org/29816
http://www.osvdb.org/29817
http://www.osvdb.org/29818
http://www.osvdb.org/29820
http://www.osvdb.org/29821
http://www.osvdb.org/29822
http://www.osvdb.org/29823
http://www.osvdb.org/29824
http://www.osvdb.org/29825
http://www.osvdb.org/29826
http://www.osvdb.org/29827
http://www.osvdb.org/29828
http://www.osvdb.org/29829
http://www.osvdb.org/29830
http://www.osvdb.org/29831
http://www.securityfocus.com/archive/1/440874/100/100/threaded
http://www.securityfocus.com/archive/1/459820/100/0/threaded
http://zone14.free.fr/advisories/8/
https://exchange.xforce.ibmcloud.com/vulnerabilities/27913