CVE-2006-5028 - Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Ples

CVE-2006-5028

Summary

Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action.

References

Vulnerable Configurations

cpe:2.3:a:swsoft:plesk:7.6:*:windows:*:*:*:*:*
cpe:2.3:a:swsoft:plesk:7.6:*:windows:*:*:*:*:*
cpe:2.3:a:swsoft:plesk_reload:7.5:*:*:*:*:*:*:*
cpe:2.3:a:swsoft:plesk_reload:7.5:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 17-10-2018 - 21:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	20155
bugtraq	20060922 [PLESK 7.5 Reload] & [PLESK 7.6 for MS Windows] path passing and disclosure vulnerability 20070603 Re: [PLESK 7.5 Reload] & [PLESK 7.6 for MS Windows] path passing and disclosure vulnerability
secunia	22058
sreason	1643
xf	plesk-filemanager-directory-traversal(29134)

Last major update

17-10-2018 - 21:40

Published

27-09-2006 - 23:07

Last modified

17-10-2018 - 21:40