1. CVE-Search
  2. CVE-2006-3938
ID CVE-2006-3938
Summary DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, (12) and class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages.
References
Vulnerable Configurations
  • cpe:2.3:a:dotclear:dotclear:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:dotclear:dotclear:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dotclear:dotclear:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:dotclear:dotclear:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:dotclear:dotclear:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:dotclear:dotclear:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:dotclear:dotclear:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:dotclear:dotclear:1.2.4:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-10-2018 - 21:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bugtraq
  • 20060722 DotClear : Multiples Full Path Disclosure
  • 20070211 DotClear Full Path Disclosure Vulnerability
misc http://zone14.free.fr/advisories/8/
osvdb
  • 29812
  • 29813
  • 29814
  • 29815
  • 29816
  • 29817
  • 29818
  • 29820
  • 29821
  • 29822
  • 29823
  • 29824
  • 29825
  • 29826
  • 29827
  • 29828
  • 29829
  • 29830
  • 29831
sreason 1307
xf dotclear-multiple-path-disclosure(27913)
Last major update 17-10-2018 - 21:32
Published 31-07-2006 - 22:04
Last modified 17-10-2018 - 21:32
Back to Top