|
|
CVE Reference: CVE-2006-1083 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-1083 |
|
|
Description: Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2) option[template] parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified scripts. NOTE: the admin.php/option[language] vector can be used by remote unauthenticated attackers to include arbitrary files in conjunction with CVE-2006-1085. |
|
|
CVE Status: Candidate |
|
|
References: SAID Secunia Advisory: SA19116 MISC http://retrogod.altervista.org/php_stats_0191_adv.html http://www.phpstats.net/forum/viewtopic.php?t=140 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/429145/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/428614/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/426762/100/0/threaded BID 16963 |
|
| Return to the previous page. |
