CVE-2006-7110 - Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows

CVE-2006-7110

Summary

Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences.

References

http://drupal.org/node/87101
http://secunia.com/advisories/22261
http://www.securityfocus.com/bid/20312
http://www.vupen.com/english/advisories/2006/3892
https://exchange.xforce.ibmcloud.com/vulnerabilities/29324

Vulnerable Configurations

cpe:2.3:a:drupal:imce_module:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:imce_module:*:*:*:*:*:*:*:*

CVSS

Base:	5.5 (as of 29-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:P/A:P

refmap via4

bid	20312
confirm	http://drupal.org/node/87101
secunia	22261
vupen	ADV-2006-3892
xf	imce-delete-file-deletion(29324)

Last major update

29-07-2017 - 01:29

Published

05-03-2007 - 20:19

Last modified

29-07-2017 - 01:29