Vulnerabilities > CVE-2006-1851 - Input Validation vulnerability in xFlow

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

skymarx-solutions

NVD

Published: 2006-04-19

Updated: 2017-07-20

Summary

xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the (1) action parameter to members_only/index.cgi and (2) page parameter customer_area/index.cgi, probably due to invalid values.

Vulnerable Configurations

Part	Description	Count
Application	Skymarx_Solutions Skymarx Solutions Xflow *	1

References

http://pridels0.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html
http://www.securityfocus.com/bid/17614
https://exchange.xforce.ibmcloud.com/vulnerabilities/25855