Vulnerabilities > CVE-2006-2690 - Remote Security vulnerability in Eva-Web

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

network

low complexity

eva-web

NVD

Published: 2006-05-31

Updated: 2008-11-09

Summary

An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid (1) perso or (2) aide parameters.

Vulnerable Configurations

Part	Description	Count
Application	Eva-Web EVA WEB EVA WEB *	1

References

http://pridels0.blogspot.com/2006/05/eva-web-212-vuln.html