Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2006-4914

Published: 21/09/2006 Updated: 20/07/2017
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Subscribe to A.l-pifou

Vulnerability Summary

Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote malicious users to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources.

Vulnerable Product Search on Vulmon Subscribe to Product

a.l-pifou a.l-pifou 1.8p2

References

NVD-CWE-Otherhttp://seclists.org/fulldisclosure/2006/Sep/0341.htmlhttp://www.osvdb.org/29014http://secunia.com/advisories/22038http://www.securityfocus.com/bid/20120http://www.vupen.com/english/advisories/2006/3707https://exchange.xforce.ibmcloud.com/vulnerabilities/29050https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377CVE-2024-20859CVE-2023-49606injectarbitrary CVE-2024-33788CVE-2024-30973IDORCVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook