CVE-2006-6392

{"id": "CVE-2006-6392", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-12-08T01:28:00.000", "references": [{"url": "http://secunia.com/advisories/23190", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21379", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4809", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30619", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23190", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/21379", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/4809", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30619", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in plx Web Studio (aka plxWebDev) plx Pay 3.2 and earlier allows remote attackers to include and execute arbitrary local files, or obtain user credentials and other sensitive information, via a .. (dot dot) in the read parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."}, {"lang": "es", "value": "Vulnerabilidad de escalado de directorio en index.php del plx Web Studio (tambi\u00e9n conocido como plxWebDev), plx Pay 3.2 y versiones anteriores permite a atacantes remotos la inclusi\u00f3n y ejecuci\u00f3n de ficheros locales de su elecci\u00f3n, o la obtenci\u00f3n de las credenciales del usuario, as\u00ed como de otra informaci\u00f3n sensible, mediante .. (punto punto)en el par\u00e1metro read. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles se obtienen a partir de la informaci\u00f3n de terceros."}], "lastModified": "2024-11-21T00:22:34.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:plx_web_studio:plx_pay:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "692E02C2-3A87-44F9-A8E6-01C948A0DD10", "versionEndIncluding": "3.2"}, {"criteria": "cpe:2.3:a:plx_web_studio:plx_pay:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85BF9492-19D6-4ACE-8458-A5CBB1EEC0CF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}