Vulnerabilities > CVE-2006-2278 - Remote Security vulnerability in Arabless Saphplesson 3.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to index.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |