Vulnerabilities > CVE-2006-3972 - Remote vulnerability in Scott Weedon Ajax Chat 0.1

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
scott-weedon
exploit available

Summary

Directory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to read arbitrary files via a .. (dot dot) in the chatid parameter.

Vulnerable Configurations

Part Description Count
Application
Scott_Weedon
1

Exploit-Db

descriptionAjax Chat 0.1 operator_chattranscript.php chatid Parameter Traversal Arbitrary File Access. CVE-2006-3972. Webapps exploit for php platform
idEDB-ID:28305
last seen2016-02-03
modified2006-07-31
published2006-07-31
reporterSirDarckCat
sourcehttps://www.exploit-db.com/download/28305/
titleAjax Chat 0.1 operator_chattranscript.php chatid Parameter Traversal Arbitrary File Access