ID CVE-2006-6112
Summary LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.
References
Vulnerable Configurations
  • cpe:2.3:a:lifetype:lifetype:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:lifetype:lifetype:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:lifetype:lifetype:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:lifetype:lifetype:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:lifetype:lifetype:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:lifetype:lifetype:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:lifetype:lifetype:1.1.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-10-2018 - 21:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bugtraq 20061130 LifeType version 1.1.2 Multiple Path Disclosure Vulnerabilities
confirm http://www.lifetype.net/blog.php/lifetype-development-journal/2006/11/30/full_path_disclosure_vulnerability_in_lifetype_1.0.x_and_1.1.x
misc http://www.netvigilance.com/advisory0008
osvdb 30685
sreason 1980
xf lifetype-multiple-path-disclosure(30635)
Last major update 17-10-2018 - 21:46
Published 06-12-2006 - 22:28
Last modified 17-10-2018 - 21:46