7.5

CVE-2006-6175

Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot) sequence in the view parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HordeKronolith Version2.0.1
HordeKronolith Version2.0.2
HordeKronolith Version2.0.3
HordeKronolith Version2.0.4
HordeKronolith Version2.0.5
HordeKronolith Version2.0.6
HordeKronolith Version2.1
HordeKronolith Version2.1.1
HordeKronolith Version2.1.2
HordeKronolith Version2.1.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.24% 0.807
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=445
Patch
Vendor Advisory
http://marc.info/?l=horde-announce&m=116483107007152&w=2
http://marc.info/?l=horde-announce&m=116483121211579&w=2
http://secunia.com/advisories/23145
http://secunia.com/advisories/23780
http://security.gentoo.org/glsa/glsa-200701-11.xml
http://securitytracker.com/id?1017316
http://www.securityfocus.com/bid/21341
Patch
http://www.vupen.com/english/advisories/2006/4775