Vulnerabilities > CVE-2006-1201 - Directory Traversal vulnerability in Eschew.Net PHPBannerExchange
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a .. (dot dot) in the email parameter during a "Recover password" operation (recoverpw.php).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Nessus
NASL family | CGI abuses |
NASL id | PHPBANNEREXCHANGE_TEMPLATES_FILE_INCLUDES.NASL |
description | The remote host is running phpBannerExchange, a banner exchange script written in PHP. The version of phpBannerExchange installed on the remote host uses a template class that fails to sanitize user-supplied input before using it in a PHP |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21153 |
published | 2006-03-27 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/21153 |
title | phpBannerExchange Template Class Local File Inclusion |
code |
|
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0879.html
- http://secunia.com/advisories/19127
- http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php
- http://www.h4cky0u.org/advisories/HYSA-2006-004-phpbanner.txt
- http://www.osvdb.org/23720
- http://www.securityfocus.com/archive/1/426940/100/0/threaded
- http://www.securityfocus.com/bid/16996
- http://www.vupen.com/english/advisories/2006/0869
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25071
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25080