CVE-2006-2633 - Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1

CVE-2006-2633

Summary

Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter.

References

Vulnerable Configurations

cpe:2.3:a:andrew_godwin:bytehoard:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0_beta1:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0_beta1:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0_beta2:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.0_beta2:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.1_alpha:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.1_alpha:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.1_beta:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.1_beta:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.1_delta:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.1_delta:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.1_gamma:*:*:*:*:*:*:*
cpe:2.3:a:andrew_godwin:bytehoard:2.1_gamma:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 18-10-2018 - 16:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:P/A:N

refmap via4

bid	18139
bugtraq	20060523 ByteHoard <= 2.1 multiple vulnerabilities
confirm	http://sourceforge.net/forum/forum.php?forum_id=576219 http://sourceforge.net/project/shownotes.php?release_id=420549&group_id=90199
secunia	20304
sreason	968
vupen	ADV-2006-2033
xf	bytehoard-index-directory-traversal(26705)

Last major update

18-10-2018 - 16:41

Published

30-05-2006 - 10:02

Last modified

18-10-2018 - 16:41