CVE-2006-5604

Properties

Published:
29.10.2006
Updated:
31.10.2006
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Product:
phpCards: phpCards

Vulnerability description

Directory traversal vulnerability in phpcards.header.php in phpCards 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CardLanguageFile parameter.

References:

SECTRACK: http://securitytracker.com/id?1017070
XF: http://xforce.iss.net/xforce/xfdb/29615