ID CVE-2006-6254
Summary administration/telecharger.php in Cahier de texte 2.0 allows remote attackers to obtain unparsed content (source code) of files via the chemin parameter, as demonstrated using directory traversal sequences to obtain the MySQL username and password from conn_cahier_de_texte.php. NOTE: it is not clear whether the scope of this issue extends above the web document root, and whether directory traversal is the primary vulnerability. Successful exploitation requirs that "register_globals" is enabled.
References
Vulnerable Configurations
  • cpe:2.3:a:cahier_de_textes:cahier_de_textes:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:cahier_de_textes:cahier_de_textes:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cahier_de_textes:cahier_de_textes:*:*:*:*:*:*:*:*
    cpe:2.3:a:cahier_de_textes:cahier_de_textes:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 17-10-2018 - 21:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
bid 21283
bugtraq 20061124 Cahier de texte V2.0 SQL Code Execution Exploit
misc http://acid-root.new.fr/poc/15061124.txt
secunia 23122
sreason 1961
vupen ADV-2006-4701
Last major update 17-10-2018 - 21:47
Published 04-12-2006 - 11:28
Last modified 17-10-2018 - 21:47
Back to Top