CVE-2006-5263

{"id": "CVE-2006-5263", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-10-12T22:07:00.000", "references": [{"url": "http://secunia.com/advisories/22346", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20453", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4005", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29413", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/2500", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22346", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/20453", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/4005", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29413", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/2500", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code."}, {"lang": "es", "value": "Vulnerabilidad de cruce de directorios en templates/header.php3 en phpMyAgenda 3.1 y versiones anteriores permite a atacantes remotos incluir y ejecutar ficheros locales de su elecci\u00f3n mediante .. (punto punto) en el par\u00e1metro language, como se demuestra por un nombre en el valor de par\u00e1metro que aparece en un fichero de trazas de un Servidor HTTP Apache que aparentemente contiene c\u00f3digo PHP."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpmyagenda:phpmyagenda:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EF90645-EB6A-4BC4-AB4A-4044861217C8", "versionEndIncluding": "3.1_beta_1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}