PT-2006-3804 · Knowledgetree · Knowledgetree Open Source
Published: 2006-06-07 · Updated: 2017-07-20 · CVE-2006-2886
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
KnowledgeTree Open Source versions 3.0.3 and earlier
Description
A crafted fDocumentId parameter sent to view.php allows remote attackers to obtain the full installation path, which is displayed in the resulting error message. This might be a result of another issue, as the same vector also produces cross-site scripting (XSS).
Recommendations
For KnowledgeTree Open Source versions 3.0.3 and earlier, consider restricting access to the view.php file until a fix is available. As a temporary workaround, avoid using the fDocumentId parameter in the affected endpoint to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Knowledgetree Open Source