CVE-2006-0315 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-0315
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0315

Description: index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/24135 http://xforce.iss.net/xforce/xfdb/24134 SAID Secunia Advisory: SA18043 OSVDB 22684 MISC http://zur.homelinux.com/Advisories/ezdatabase_dir_trans.txt FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0515.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/422071/100/0/threaded BID 16257

Return to the previous page.