CVE-2006-2693 - Information Disclosure vulnerability in Nivisec Hacks List
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: NONE
- Availability impact: NONE

network
nivisec
Summary
Directory traversal vulnerability in admin/admin_hacks_list.php in Nivisec Hacks List 1.20 and earlier for phpBB allows remote attackers to read arbitrary files via a ".." in the phpEx parameter. Successful exploitation requires that register_globals is enabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://secunia.com/advisories/20359
- http://www.nivisec.com/article.php?l=vi&ar=15
- http://www.nukedx.com/?viewdoc=37
- http://www.securityfocus.com/archive/1/435285/100/0/threaded
- http://www.securityfocus.com/bid/18162
- http://www.vupen.com/english/advisories/2006/2034
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26840