CVE-2006-7083

Directory traversal vulnerability in index.php in Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to read arbitrary files via ".." sequences in the id parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html	Exploit Vendor Advisory
http://securityreason.com/securityalert/2322
http://www.osvdb.org/28639
https://exchange.xforce.ibmcloud.com/vulnerabilities/27876

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rigter_portal_system:rigter_portal_system:1.0:::::::*
	cpe:2.3:a:rigter_portal_system:rigter_portal_system:2.0:::::::*
	cpe:2.3:a:rigter_portal_system:rigter_portal_system:3.0:::::::*

History

No history.

Information

Published : 2007-03-02 21:18

Updated : 2024-02-04 17:13

NVD link : CVE-2006-7083

Mitre link : CVE-2006-7083

CVE.ORG link : CVE-2006-7083

JSON object : View

Products Affected

rigter_portal_system

rigter_portal_system

CWE

NVD-CWE-Other

{"id": "CVE-2006-7083", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-03-02T21:18:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2322", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/28639", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27876", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to read arbitrary files via \"..\" sequences in the id parameter."}, {"lang": "es", "value": "Vulnerabilidad de cruce de directorios en index.php de Rigter Portal System (RPS) 1.0, 2.0, y 3.0 permite a atacantes remotos leer ficheros de su elecci\u00f3n mediante secuencias \"..\" en el par\u00e1metro id."}], "lastModified": "2017-07-29T01:29:49.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rigter_portal_system:rigter_portal_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D4A417F-9811-40DC-A0FF-87D87B6A3D4E"}, {"criteria": "cpe:2.3:a:rigter_portal_system:rigter_portal_system:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "193A55F0-12CA-411D-B01A-9956BF0223A1"}, {"criteria": "cpe:2.3:a:rigter_portal_system:rigter_portal_system:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17593283-37A3-41C5-9D14-31705661AD49"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}