CVE-2006-2617 - (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attack

CVE-2006-2617

Summary

(1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL injection.

References

Vulnerable Configurations

cpe:2.3:a:alstrasoft:webhost_directory:1.2:*:*:*:*:*:*:*
cpe:2.3:a:alstrasoft:webhost_directory:1.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2018 - 16:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20060523 AlstraSoft Web Host Directory v1.2
misc	http://www.sitepoint.com/forums/showthread.php?t=311969
secunia	20276 20278
sreason	955
vupen	ADV-2006-1972 ADV-2006-1973
xf	hs-webhostdirectory-multiple-path-disclosure(26661) webhostdirectory-multiple-path-disclosure(26656)

Last major update

18-10-2018 - 16:40

Published

26-05-2006 - 01:06

Last modified

18-10-2018 - 16:40