CVE-2006-0590 - MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to

CVE-2006-0590

Summary

MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax.

References

http://kapda.ir/advisory-249.html
http://securityreason.com/securityalert/413
http://www.securityfocus.com/archive/1/423950/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:jaia_interactive:mytopix:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:jaia_interactive:mytopix:1.2.3:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 19-10-2018 - 15:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20060204 [KAPDA::#26] - MyTopix Sql Injection & Path Disclosure
misc	http://kapda.ir/advisory-249.html
sreason	413

Last major update

19-10-2018 - 15:45

Published

08-02-2006 - 01:02

Last modified

19-10-2018 - 15:45