CVE-2006-3091 - PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote attackers to obtain the installation

CVE-2006-3091

Summary

PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote attackers to obtain the installation path via a direct request to (1) /verif.php, (2) /inc/footer.php, and (3) /remises/ajouter_remise.php.

References

Vulnerable Configurations

cpe:2.3:a:phpmyfactures:phpmyfactures:1.0:*:*:*:*:*:*:*
cpe:2.3:a:phpmyfactures:phpmyfactures:1.0:*:*:*:*:*:*:*
cpe:2.3:a:phpmyfactures:phpmyfactures:*:*:*:*:*:*:*:*
cpe:2.3:a:phpmyfactures:phpmyfactures:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2018 - 16:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20060610 PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others
misc	http://www.acid-root.new.fr/advisories/phpmyfactures.txt
osvdb	26486 26487 26488
secunia	20642
sreason	1111
xf	phpmyfactures-multi-scripts-path-disclosure(27205)

Last major update

18-10-2018 - 16:45

Published

19-06-2006 - 21:02

Last modified

18-10-2018 - 16:45