CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2006-5846

MEDIUM
6.4
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile17.61th
Published2006年11月10日
Last Modified2026年4月23日

Vulnerability Description

Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2006-5773.

Affected Platforms (CPE)

📦
Freewebshop

Freewebshop

<= 2.2.2

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=116303405916694&w=2
🔗 http://secunia.com/advisories/22786
🔗 http://securitytracker.com/id?1017200
🔗 http://www.freewebshop.org/?id=28
🔗 http://www.freewebshop.org/index.php?id=28
🔗 http://www.securityfocus.com/bid/20969
🔗 http://www.vupen.com/english/advisories/2006/4420
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/30125

相關漏洞威脅

CVE-2007-05317.5

PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attacke...

CVE-2007-64667.5

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands ...

CVE-2006-57727.5

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary S...

CVE-2006-58476.1

Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary...