CVE-2006-1114 - Vulnerability Details - OpenCVE

Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gerrit Van Aaken	Loudblog

Configuration 1 [-]

cpe:2.3:a:gerrit_van_aaken:loudblog:0.41:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://loudblog.de/forum/viewtopic.php?id=590
http://secunia.com/advisories/19172
http://www.securityfocus.com/archive/1/426973/100/0/threaded
http://www.securityfocus.com/bid/17023
http://www.vupen.com/english/advisories/2006/0878
https://exchange.xforce.ibmcloud.com/vulnerabilities/25103

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-09T11:00:00

Updated: 2024-08-07T16:56:15.715Z

Reserved: 2006-03-09T00:00:00

Link: CVE-2006-1114

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-03-09T13:06:00.000

Modified: 2024-11-21T00:08:06.703

Link: CVE-2006-1114

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-07T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://loudblog.de/forum/viewtopic.php?id=590"}, {"name": "17023", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17023"}, {"name": "20060307 Loudblog 0.41 SQL Injection, Local file read/include", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/426973/100/0/threaded"}, {"name": "loudblog-index-directory-traversal(25103)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25103"}, {"name": "19172", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19172"}, {"name": "ADV-2006-0878", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0878"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1114", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://loudblog.de/forum/viewtopic.php?id=590", "refsource": "CONFIRM", "url": "http://loudblog.de/forum/viewtopic.php?id=590"}, {"name": "17023", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17023"}, {"name": "20060307 Loudblog 0.41 SQL Injection, Local file read/include", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/426973/100/0/threaded"}, {"name": "loudblog-index-directory-traversal(25103)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25103"}, {"name": "19172", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19172"}, {"name": "ADV-2006-0878", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0878"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:56:15.715Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://loudblog.de/forum/viewtopic.php?id=590"}, {"name": "17023", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17023"}, {"name": "20060307 Loudblog 0.41 SQL Injection, Local file read/include", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/426973/100/0/threaded"}, {"name": "loudblog-index-directory-traversal(25103)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25103"}, {"name": "19172", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19172"}, {"name": "ADV-2006-0878", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0878"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1114", "datePublished": "2006-03-09T11:00:00", "dateReserved": "2006-03-09T00:00:00", "dateUpdated": "2024-08-07T16:56:15.715Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gerrit_van_aaken:loudblog:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "49D065C6-34FF-47E5-AF1E-E342D29EB188", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php."}], "evaluatorSolution": "This vulnerability affects Loudblog versions 0.41 and previous.", "id": "CVE-2006-1114", "lastModified": "2024-11-21T00:08:06.703", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-09T13:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://loudblog.de/forum/viewtopic.php?id=590"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19172"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/426973/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17023"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0878"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25103"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://loudblog.de/forum/viewtopic.php?id=590"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19172"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/426973/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0878"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25103"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}