PT-2006-1915 · Php Extension Application Repository · Pear Liveuser

James Bercegay · Published 2006-02-23 · Updated 2018-10-18 · CVE-2006-0869

CVSS v2.0

6.4 Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHP Extension and Application Repository (PEAR) LiveUser versions 0.16.8 and earlier

Description

A directory traversal issue exists in the "remember me" feature of liveuser.php, allowing remote attackers to determine file existence. Attackers may also be able to delete arbitrary files with short pathnames or read arbitrary files by using a .. (dot dot) in the store id value of a cookie.

Recommendations

For PHP Extension and Application Repository (PEAR) LiveUser versions 0.16.8 and earlier, consider disabling the "remember me" feature in liveuser.php until a patch is available. Restrict access to the store id value of a cookie to minimize the risk of exploitation.
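
The issue described above arises when an identifier taken from a cookie is used to build a file path. The following is an added example, not LiveUser's code: a hypothetical helper `resolveRememberFile()` that allowlists the identifier and confirms the resolved path stays inside the storage directory. The function name, the 32-hex-character ID format and the `.rm` suffix are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical helper, not LiveUser code.
// The 32-hex-character ID format and the ".rm" suffix are assumptions.

function resolveRememberFile(string $baseDir, string $storeId): ?string
{
    // 1. Allowlist the identifier: fixed-length hex only, so "..", "/",
    //    "\" and NUL bytes never reach a filesystem call.
    if (preg_match('/\A[a-f0-9]{32}\z/', $storeId) !== 1) {
        return null;
    }

    // 2. Resolve the storage directory and build the candidate path.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $real = realpath($base . DIRECTORY_SEPARATOR . $storeId . '.rm');

    // 3. Defence in depth: the resolved path must still sit inside $base
    //    (covers symlinks placed in the storage directory). A missing file
    //    returns the same null as a malformed ID, so the caller's response
    //    does not reveal whether a file exists.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo data: a temporary directory holding one valid file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'remember_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$goodId = bin2hex(random_bytes(16));
file_put_contents($dir . DIRECTORY_SEPARATOR . $goodId . '.rm', 'demo');

$samples = [
    $goodId,                 // well-formed ID with a stored file
    str_repeat('0', 32),     // well-formed ID, no stored file
    '../../' . $goodId,      // dot-dot sequence in the cookie value
    $goodId . "\0",          // trailing NUL byte
];
foreach ($samples as $id) {
    $path = resolveRememberFile($dir, $id);
    printf("%-45s => %s\n", addcslashes($id, "\0..\37"), $path === null ? 'rejected' : 'accepted');
}

// Remove the constructed files.
unlink($dir . DIRECTORY_SEPARATOR . $goodId . '.rm');
rmdir($dir);
```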

Exploit

Fix


Related Identifiers

CVE-2006-0869

Affected Products

Pear Liveuser