Vulnerabilities > CVE-2006-4432 - Directory Traversal vulnerability in Zend Platform
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://secunia.com/advisories/21573
- http://securityreason.com/securityalert/1466
- http://www.hardened-php.net/advisory_052006.128.html
- http://www.osvdb.org/28232
- http://www.securityfocus.com/archive/1/444263/100/0/threaded
- http://www.vupen.com/english/advisories/2006/3388
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28576