PT-2006-5421 · Szewo+1 · Szewo Phpcommander+1

Kacper

Published

2006-09-08

Updated

2017-10-19

CVE-2006-4636

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SZEWO PhpCommander versions 3.0 and earlier

Description A directory traversal issue allows remote attackers to include and execute arbitrary local files by using directory traversal sequences in the Directory parameter. This can be achieved by specifying parameter values that name files, such as Apache HTTP Server log files, which may contain PHP code.

Recommendations For SZEWO PhpCommander versions 3.0 and earlier, as a temporary workaround, consider restricting access to the Directory parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4636

Affected Products

Apache Http Server

Szewo Phpcommander

PT-2006-5421 · Szewo+1 · Szewo Phpcommander+1

CVE-2006-4636

Related Identifiers

Affected Products

References · 5