CVE-2006-7117

{"id": "CVE-2006-7117", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-03-06T01:19:00.000", "references": [{"url": "http://www.securityfocus.com/bid/21352", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30570", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30572", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/2863", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21352", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30570", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30572", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/2863", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via \"..\" sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via \"..\" sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en Kubix 0.7 y anteriores permiten a atacantes remotos (1) incluir y ejecutar archivos locales de su elecci\u00f3n mediante secuencias .. (punto punto) en la cookie de tema (theme cookie) de index.php, las cuales no son manejadas adecuadamente por includes/head.php; y (2) leer archivos de su elecci\u00f3n mediante secuencias .. (punto punto) en el par\u00e1metro file en una acci\u00f3n add_dl de adm_index.php, como se ha demostrado leyendo connect.php."}], "lastModified": "2024-11-21T00:24:26.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kubix:kubix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F02436A-C11C-4DDB-B6DD-63D3E980EA61", "versionEndIncluding": "0.7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}