ID CVE-2006-1162
Summary Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:nodez:nodez:4.6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:nodez:nodez:4.6.1.1:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 17066
misc http://hamid.ir/security/nodez.txt
osvdb 23774
sectrack 1015747
secunia 19165
vupen ADV-2006-0899
xf nodez-op-file-include(25119)
Last major update 20-07-2017 - 01:30
Published 12-03-2006 - 21:02
Last modified 20-07-2017 - 01:30
Back to Top