7.5
CVE-2006-5733
- EPSS 2.98%
- Veröffentlicht 06.11.2006 18:07:00
- Zuletzt bearbeitet 16.06.2026 22:31:44
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Postnuke Software Foundation ≫ Postnuke Version <= 0.763
Postnuke Software Foundation ≫ Postnuke Version0.762
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.98% | 0.855 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://community.postnuke.com/Article2787.htm
http://secunia.com/advisories/22983
http://www.securityfocus.com/bid/20897
http://www.securityfocus.com/bid/21218
https://exchange.xforce.ibmcloud.com/vulnerabilities/29992
https://www.exploit-db.com/exploits/2707