CVE-2006-4878
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 19/09/2006
Last modified: 03/04/2025
Description
Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to affect 1.0.1, and demonstrated for code execution by uploading and accessing an avatar file.
Impact
Base Score 2.0: 5.00
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:david_bennett:php-post:*:*:*:*:*:*:*:* | | 1.0.1 (including) |
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/22014
- http://securityreason.com/securityalert/1607
- http://www.osvdb.org/28964
- http://www.securityfocus.com/archive/1/446318/100/0/threaded
- http://www.securityfocus.com/bid/20061
- http://www.securityfocus.com/bid/20616
- http://www.vupen.com/english/advisories/2006/3688
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29673
- https://www.exploit-db.com/exploits/2593



