Vulnerabilities > CVE-2006-3836 - Directory Traversal vulnerability in Chameleon LE

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

unidomedia

exploit available

NVD

Published: 2006-07-25

Updated: 2018-10-17

Summary

Directory traversal vulnerability in index.php in UNIDOmedia Chameleon LE 1.203 and earlier, and possibly Chameleon PRO, allows remote attackers to read arbitrary files via the rmid parameter.

Vulnerable Configurations

Part	Description	Count
Application	Unidomedia Unidomedia Chameleon LE *	1

Exploit-Db

description	Chameleon LE 1.203 Index.PHP Directory Traversal Vulnerability. CVE-2006-3836. Webapps exploit for php platform
id	EDB-ID:28255
last seen	2016-02-03
modified	2006-07-21
published	2006-07-21
reporter	kicktd
source	https://www.exploit-db.com/download/28255/
title	Chameleon LE 1.203 Index.PHP Directory Traversal Vulnerability

References

http://secunia.com/advisories/21156
http://securityreason.com/securityalert/1280
http://www.securityfocus.com/archive/1/440765/100/0/threaded
http://www.securityfocus.com/bid/19107
http://www.vupen.com/english/advisories/2006/2948
https://exchange.xforce.ibmcloud.com/vulnerabilities/27898