PT-2006-3610 · Eva · Eva-Web

Published

2006-05-31

Updated

2008-11-09

CVE-2006-2690

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions EVA-Web versions 2.1.2 and earlier

Description The issue allows remote attackers to obtain the full path of the web server. This is achieved by exploiting an unspecified script, likely index.php, using invalid perso or aide parameters.

Recommendations For EVA-Web versions 2.1.2 and earlier, consider restricting access to the vulnerable script, likely index.php, until a patch is available. As a temporary workaround, avoid using the perso and aide parameters in the affected script to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2690

Affected Products

Eva-Web

PT-2006-3610 · Eva · Eva-Web

CVE-2006-2690

Related Identifiers

Affected Products

References · 2