CVE-2006-0445
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/01/2006
Last modified:
03/04/2025
Description
index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability.
Impact
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:phpclanwebsite:phpclanwebsite:1.23.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt
- http://www.osvdb.org/22721
- http://www.securityfocus.com/archive/1/423145/100/0/threaded
- http://www.securityfocus.com/bid/16391
- http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt
- http://www.osvdb.org/22721
- http://www.securityfocus.com/archive/1/423145/100/0/threaded
- http://www.securityfocus.com/bid/16391