ID CVE-2006-0869
Summary Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
References
Vulnerable Configurations
  • cpe:2.3:a:pear:pear_liveuser:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.16.5:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.16.6:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.16.7:*:*:*:*:*:*:*
  • cpe:2.3:a:pear:pear_liveuser:0.16.8:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 18-10-2018 - 16:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bid 16761
bugtraq 20060221 PEAR LiveUser File Access Vulnerabilities
confirm http://pear.php.net/package/LiveUser/download/
misc http://www.gulftech.org/?node=research&article_id=00103-02212006
sectrack 1015659
sreason 466
vupen ADV-2006-0697
xf
  • liveuser-liveuser-file-access(24852)
  • liveuser-liveuser-file-deletion(24853)
Last major update 18-10-2018 - 16:29
Published 23-02-2006 - 23:02
Last modified 18-10-2018 - 16:29