PT-2006-7474 · Matteo Lucarelli · 3Editor Cms
3L3Ctric-Cracker · Published 2006-12-31 · Updated 2017-10-19 · CVE-2006-6877
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Matteo Lucarelli 3editor CMS versions 0.42 and earlier
Description:
A directory traversal issue exists in index.php, allowing remote attackers to include arbitrary files via a .. (dot dot) in the page parameter when register_globals is enabled.
Recommendations:
For versions 0.42 and earlier, consider disabling the register_globals setting to mitigate the risk of exploitation. As a temporary workaround, restrict access to the index.php file to minimize the risk of arbitrary file inclusion.
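Added example, not taken from 3editor or from this advisory: one way an index.php-style front controller can resolve a page parameter so that .. sequences cannot reach files outside the page directory. PAGES_DIR, resolve_page() and the default page name "home" are assumptions, since the advisory does not show the affected code.

```php
<?php
// Added example, not 3editor code. PAGES_DIR and resolve_page() are hypothetical names.

// Assumed layout: every includable page lives in one directory beside this script.
define('PAGES_DIR', __DIR__ . '/pages');

/**
 * Map a user-supplied page name to a file inside PAGES_DIR.
 * Returns the resolved path, or null when the name is not acceptable.
 */
function resolve_page($name)
{
    // Accept plain names only: no dots, slashes, NUL bytes or URL schemes.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    // realpath() resolves ".." and symlinks and returns false for missing files.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }

    // Containment check: the resolved file must sit under the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Take the value only from the query string and assign it before use, so a
// request variable cannot seed an uninitialized $page when register_globals is On.
$requested = isset($_GET['page']) ? $_GET['page'] : 'home';

$file = resolve_page($requested);
if ($file === null) {
    header('HTTP/1.1 404 Not Found');
    exit('Page not found');
}
include $file;
```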
Affected Products
3Editor Cms