CVE-2006-0714 - Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7

CVE-2006-0714

Summary

Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.

References

Vulnerable Configurations

cpe:2.3:a:flyspray:flyspray:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:flyspray:flyspray:0.9.7:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 19-10-2018 - 15:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	16618
bugtraq	20060213 EGS Enterprise Groupware System 1.0 rc4 remote commands execution & FlySpray 0.9.7 remote commands execution
misc	http://retrogod.altervista.org/egs_10rc4_php5_incl_xpl.html
secunia	18847
sreason	432
vupen	ADV-2006-0569
xf	flyspray-adodbpath-file-include(24735)

Last major update

19-10-2018 - 15:45

Published

15-02-2006 - 11:06

Last modified

19-10-2018 - 15:45