Vulnerabilities > CVE-2006-2633 - Unspecified vulnerability in Andrew Godwin Bytehoard

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

andrew-godwin

NVD

Published: 2006-05-30

Updated: 2018-10-18

Summary

Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter.

Vulnerable Configurations

Part	Description	Count
Application	Andrew_Godwin Andrew Godwin Bytehoard 2.0.0 Andrew Godwin Bytehoard 2.0.1 Andrew Godwin Bytehoard 2.0.2 Andrew Godwin Bytehoard 2.0.3 Andrew Godwin Bytehoard 2.0.4 Andrew Godwin Bytehoard 2.0.5 Andrew Godwin Bytehoard 2.0_Beta1 Andrew Godwin Bytehoard 2.0_Beta2 Andrew Godwin Bytehoard 2.1_Alpha Andrew Godwin Bytehoard 2.1_Beta Andrew Godwin Bytehoard 2.1_Delta Andrew Godwin Bytehoard 2.1_Gamma	12

Summary

Vulnerable Configurations

References