Vulnerabilities > CVE-2006-0869 - Unspecified vulnerability in Pear Liveuser

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

pear

exploit available

NVD

Published: 2006-02-23

Updated: 2018-10-18

Summary

Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.

Vulnerable Configurations

Part	Description	Count
Application	Pear Pear Pear Liveuser 0.3 Pear Pear Liveuser 0.5 Pear Pear Liveuser 0.5.1 Pear Pear Liveuser 0.6 Pear Pear Liveuser 0.6.1 Pear Pear Liveuser 0.7 Pear Pear Liveuser 0.8 Pear Pear Liveuser 0.8.1 Pear Pear Liveuser 0.9 Pear Pear Liveuser 0.10.0 Pear Pear Liveuser 0.11.0 Pear Pear Liveuser 0.11.1 Pear Pear Liveuser 0.12.0 Pear Pear Liveuser 0.13.0 Pear Pear Liveuser 0.13.1 Pear Pear Liveuser 0.13.2 Pear Pear Liveuser 0.13.3 Pear Pear Liveuser 0.14.0 Pear Pear Liveuser 0.15.0 Pear Pear Liveuser 0.15.1 Pear Pear Liveuser 0.16.0 Pear Pear Liveuser 0.16.1 Pear Pear Liveuser 0.16.2 Pear Pear Liveuser 0.16.3 Pear Pear Liveuser 0.16.4 Pear Pear Liveuser 0.16.5 Pear Pear Liveuser 0.16.6 Pear Pear Liveuser 0.16.7 Pear Pear Liveuser 0.16.8	29

Exploit-Db

description	PEAR LiveUser < 0.16.8 - Arbitrary File Access. CVE-2006-0869. Webapps exploit for PHP platform
id	EDB-ID:43834
last seen	2018-01-24
modified	2016-02-21
published	2016-02-21
reporter	Exploit-DB
source	https://www.exploit-db.com/download/43834/
title	PEAR LiveUser < 0.16.8 - Arbitrary File Access

Summary

Vulnerable Configurations

Exploit-Db

References