PT-2006-5233 · Zend · Zend Platform

Stefan Esser

Published

2006-08-29

Updated

2018-10-17

CVE-2006-4432

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Zend Platform versions 2.2.1 and earlier

Description A directory traversal issue allows remote attackers to overwrite arbitrary files by using a .. (dot dot) sequence in the final component of the PHPSESSID variable. This issue can potentially be used to perform direct static code injection.

Recommendations For Zend Platform versions 2.2.1 and earlier, update to a version that fixes this issue to prevent directory traversal and potential code injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4432

Affected Products

Zend Platform

PT-2006-5233 · Zend · Zend Platform

CVE-2006-4432

Related Identifiers

Affected Products

References · 8