|
|
CVE Reference: CVE-2006-0315 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-0315 |
|
|
Description: index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/24135 http://xforce.iss.net/xforce/xfdb/24134 SAID Secunia Advisory: SA18043 OSVDB 22684 MISC http://zur.homelinux.com/Advisories/ezdatabase_dir_trans.txt FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0515.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/422071/100/0/threaded BID 16257 |
|
| Return to the previous page. |
