CVE-2006-6112

Exploit

EPSS 1.58%
Veröffentlicht 06.12.2006 22:28:00
Zuletzt bearbeitet 16.06.2026 22:32:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

NVD 7 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lifetype ≫ Lifetype Version1.0.2

Lifetype ≫ Lifetype Version1.0.3

Lifetype ≫ Lifetype Version1.0.4

Lifetype ≫ Lifetype Version1.0.5

Lifetype ≫ Lifetype Version1.1.0

Lifetype ≫ Lifetype Version1.1.1

Lifetype ≫ Lifetype Version1.1.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.58%	0.724

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://securityreason.com/securityalert/1980

http://www.lifetype.net/blog.php/lifetype-development-journal/2006/11/30/full_path_disclosure_vulnerability_in_lifetype_1.0.x_and_1.1.x

Patch

Vendor Advisory

http://www.netvigilance.com/advisory0008

Patch

Vendor Advisory

Exploit

http://www.osvdb.org/30685

Vendor Advisory

http://www.securityfocus.com/archive/1/453135/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/30635

https://nvd.nist.gov/vuln/detail/CVE-2006-6112

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-6112

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-6112

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2006-6112