Vulnerabilities > CVE-2006-1963 - Unspecified vulnerability in Pcpin Chat
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 11 |
References
- http://retrogod.altervista.org/pcpin_504_xpl.html
- http://retrogod.altervista.org/pcpin_504_xpl.html
- http://secunia.com/advisories/19708
- http://secunia.com/advisories/19708
- http://securitytracker.com/id?1015968
- http://securitytracker.com/id?1015968
- http://www.securityfocus.com/archive/1/431390/100/0/threaded
- http://www.securityfocus.com/archive/1/431390/100/0/threaded
- http://www.securityfocus.com/archive/1/436029/100/0/threaded
- http://www.securityfocus.com/archive/1/436029/100/0/threaded
- http://www.securityfocus.com/bid/17632
- http://www.securityfocus.com/bid/17632
- http://www.vupen.com/english/advisories/2006/1441
- http://www.vupen.com/english/advisories/2006/1441
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25962
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25962