Directory Traversal Vulnerability in phpwcms by phpwcms
CVE-2006-2519

Currently unrated

Key Information:

Vendor: PHPwcms
Status: PHPwcms
Vendor: CVE Published:; 22 May 2006

What is CVE-2006-2519?

A directory traversal vulnerability exists in the phpwcms content management system, specifically within the spaw_control.class.php file. By sending specially crafted requests with dot-dot sequences in the spaw_root parameter, remote attackers can manipulate the application to include arbitrary local files. This flaw underlines security risks associated with improper input validation in file inclusion mechanisms, which can potentially lead to unauthorized exposure of sensitive data or the execution of malicious scripts.

References

http://secunia.com/advisories/20239

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/26639

vdb-entryx_refsource_XF

http://www.vupen.com/english/advisories/2006/1934

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
May 22, 2006
Vulnerability Reserved
May 22, 2006

JSON

PHPwcms

What is CVE-2006-2519?

References

Timeline