PT-2006-6995 · Unknown · Abitwhizzy.Php

Published

2006-12-07

Updated

2008-09-05

CVE-2006-6384

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions abitwhizzy.php versions prior to 20061204

Description The issue allows remote attackers to read arbitrary files via an absolute pathname in the f parameter. This is related to an absolute path traversal vulnerability.

Recommendations For versions prior to 20061204, update to a version released after 20061204 to resolve the issue. As a temporary workaround, consider restricting access to the f parameter in the affected API endpoint until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6384

Affected Products

Abitwhizzy.Php

PT-2006-6995 · Unknown · Abitwhizzy.Php

CVE-2006-6384

Related Identifiers

Affected Products

References · 2