Vulnerabilities > CVE-2006-6872 - Scripts Multiple Input Validation vulnerability in Endonesia 8.4

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

endonesia

exploit available

NVD

Published: 2006-12-31

Updated: 2017-10-19

Summary

Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.

Vulnerable Configurations

Part	Description	Count
Application	Endonesia Endonesia Endonesia 8.4	1

Exploit-Db

description	eNdonesia 8.4 (mod.php/friend.php/admin.php) Multiple Vulnerabilities. CVE-2006-6871,CVE-2006-6872,CVE-2006-6873. Webapps exploit for php platform
file	exploits/php/webapps/3004.txt
id	EDB-ID:3004
last seen	2016-01-31
modified	2006-12-25
platform	php
port
published	2006-12-25
reporter	z1ckX(ru)
source	https://www.exploit-db.com/download/3004/
title	eNdonesia 8.4 mod.php/friend.php/admin.php Multiple Vulnerabilities
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References