PT-2006-3955 · Sixcms · Sixcms

Aesthetico +1 · Published 2006-06-16 · Updated 2018-10-18 · CVE-2006-3050

CVSS v2.0 · 2.6 Low · Vector AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SixCMS versions prior to 6.0.6patch2

Description

The issue allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter. This is a directory traversal vulnerability in the detail.php file.

Recommendations

For versions prior to 6.0.6patch2, update to version 6.0.6patch2 or later to resolve the issue. As a temporary workaround, consider restricting access to the detail.php file or disabling the use of the template parameter until a patch is applied.
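
A log-review check for the pattern described above, as an added example that is not part of the original advisory or of SixCMS: it flags requests to detail.php whose template parameter decodes to a `..` path segment or a NUL byte. The log lines, addresses and function names are constructed for illustration, and the repeated percent-decoding goes slightly beyond the single-encoded case in the description.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit
# Constructed sample access-log lines; addresses, paths and values are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Jun/2006:10:00:01 +0000] "GET /detail.php?template=news_detail&id=42 HTTP/1.1" 200 5120
192.0.2.77 - - [16/Jun/2006:10:00:05 +0000] "GET /detail.php?id=1&template=../../placeholder/file%00 HTTP/1.1" 200 812
192.0.2.77 - - [16/Jun/2006:10:00:09 +0000] "GET /detail.php?template=%252e%252e%252fplaceholder%2500 HTTP/1.1" 200 790
192.0.2.31 - - [16/Jun/2006:10:00:12 +0000] "GET /list.php?template=..%2Fx HTTP/1.1" 404 210
192.0.2.31 - - [16/Jun/2006:10:00:15 +0000] "GET /cms/detail.php?template=a..b HTTP/1.1" 200 4000
"""
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def template_findings(value):
    """Return the reasons a template value looks like traversal input."""
    decoded = fully_decode(value)
    reasons = []
    # Compare whole path segments so a name such as "a..b" is not flagged.
    if ".." in re.split(r"[/\\]", decoded.replace("\x00", "")):
        reasons.append("dot-dot segment")
    if "\x00" in decoded:
        reasons.append("NUL byte")
    return reasons

def scan(log_text):
    """Return (client, status, reasons) for each suspicious detail.php request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/detail.php"):
            continue
        # parse_qsl percent-decodes once; fully_decode handles further layers.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            reasons = template_findings(value) if name == "template" else []
            if reasons:
                hits.append((client, int(status), reasons))
    return hits
```

A 200 status on a flagged request is the case to triage first, since it means the server answered the request rather than rejecting it.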


Related Identifiers

CVE-2006-3050

Affected Products

Sixcms