CVE-2006-4986

Grayscale BandSite CMS allows remote attackers to obtain sensitive information via a direct request for (1) certain files in the includes/content directory, (2) includes/shows_preview.php, and (3) adminpanel/configform.php; and files in adminpanel/includes/ including (4) mailinglist/disphtmltbl.php, (5) mailinglist/dispxls.php, (6) mailinglist/sendshows.php, (7) previews/preview_bio.php, (8) previews/preview_genmerch.php, (9) previews/preview_fliers.php, (10) previews/preview_gbook.php, (11) previews/preview_interviews.php, (12) previews/preview_links.php, (13) previews/preview_lyrics.php, (14) previews/preview_membio.php, (15) previews/preview_merchphotos.php, (16) previews/preview_mp3s.php, (17) previews/preview_news.php, (18) previews/preview_photos.php, (19) previews/preview_releases.php, (20) previews/preview_relmerch.php, (21) previews/preview_relphotos.php, (22) previews/preview_reviews.php, (23) previews/preview_shows.php, (24) previews/preview_wearmerch.php, (25) change_forms/change_bio.php, (26) change_forms/change_fliers.php, (27) change_forms/change_gbook.php, (28) change_forms/change_gen_merch.php, (29) change_forms/change_interview.php, (30) change_forms/change_links.php, (31) change_forms/change_lyrics.php, (32) change_forms/change_members.php, (33) change_forms/change_merch.php, (34) change_forms/change_merch_pic.php, (35) change_forms/change_mp3s.php, (36) change_forms/change_news.php, (37) change_forms/change_photos.php, (38) change_forms/change_rel_merch.php, (39) change_forms/change_rel_pic.php, (40) change_forms/change_releases.php, (41) change_forms/change_reviews.php, (42) change_forms/change_shows.php, and (43) change_forms/change_wear_merch.php, which reveals the path in various error messages.
Configurations

Configuration 1 (hide)

cpe:2.3:a:grayscale:bandsite_cms:1.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:17

Type Values Removed Values Added
References () http://securityreason.com/securityalert/1634 - () http://securityreason.com/securityalert/1634 -
References () http://www.securityfocus.com/archive/1/446576/100/0/threaded - () http://www.securityfocus.com/archive/1/446576/100/0/threaded -
References () http://www.securityfocus.com/bid/20137 - Exploit () http://www.securityfocus.com/bid/20137 - Exploit
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/29085 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/29085 -

Information

Published : 2006-09-26 02:07

Updated : 2024-11-21 00:17


NVD link : CVE-2006-4986

Mitre link : CVE-2006-4986

CVE.ORG link : CVE-2006-4986


JSON object : View

Products Affected

grayscale

  • bandsite_cms