CVE-2006-4963

Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code through session files.
Configurations

Configuration 1 (hide)

cpe:2.3:a:exponent:exponent_cms:0.96.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-09-23 10:07

Updated : 2024-02-28 11:01


NVD link : CVE-2006-4963

Mitre link : CVE-2006-4963

CVE.ORG link : CVE-2006-4963


JSON object : View

Products Affected

exponent

  • exponent_cms