CVE

Id
18435  
CVE No.
CVE-2006-2331  
Status
Candidate  
Description
Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files.  
Phase
Assigned (20060511)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
160127 18435 CVE-2006-2331 BUGTRAQ:20060508 PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities  View
160128 18435 CVE-2006-2331 URL:http://www.securityfocus.com/archive/1/archive/1/433277/100/0/threaded  View
160129 18435 CVE-2006-2331 CONFIRM:http://www.php-fusion.co.uk/news.php  View
160130 18435 CVE-2006-2331 CONFIRM:http://www.php-fusion.co.uk/news.php?readmore=321  View
160131 18435 CVE-2006-2331 BID:17898  View
160132 18435 CVE-2006-2331 URL:http://www.securityfocus.com/bid/17898  View
160133 18435 CVE-2006-2331 VUPEN:ADV-2006-1735  View
160134 18435 CVE-2006-2331 URL:http://www.vupen.com/english/advisories/2006/1735  View
160135 18435 CVE-2006-2331 OSVDB:25538  View
160136 18435 CVE-2006-2331 URL:http://www.osvdb.org/25538  View
160137 18435 CVE-2006-2331 OSVDB:25539  View
160138 18435 CVE-2006-2331 URL:http://www.osvdb.org/25539  View
160139 18435 CVE-2006-2331 SECUNIA:19992  View
160140 18435 CVE-2006-2331 URL:http://secunia.com/advisories/19992  View
160141 18435 CVE-2006-2331 SREASON:194  View
160142 18435 CVE-2006-2331 URL:http://securityreason.com/securityalert/194  View
160143 18435 CVE-2006-2331 SREASON:873  View
160144 18435 CVE-2006-2331 URL:http://securityreason.com/securityalert/873  View
160145 18435 CVE-2006-2331 XF:phpfusion-lastseenuserspanel-file-include(26389)  View

Related JVN