Directory Traversal Vulnerability in eNdonesia 8.4 Product by eNdonesia
CVE-2006-6872

Currently unrated

Key Information:

Vendor

Endonesia

Status
Endonesia
Vendor
CVE Published:
31 December 2006

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2006-6872?

A directory traversal vulnerability exists in mod.php of eNdonesia 8.4, enabling remote attackers to read arbitrary files on the server by exploiting the mod parameter with crafted input containing a '..' (dot dot) sequence. This flaw poses a risk to the confidentiality of sensitive information, allowing unauthorized access to files outside the intended directory structure.

References

http://www.vupen.com/english/advisories/2006/5187
vdb-entryx_refsource_VUPEN
https://www.exploit-db.com/exploits/3004
exploitx_refsource_EXPLOIT-DB
https://exchange.xforce.ibmcloud.com/vulnerabilities/31117
vdb-entryx_refsource_XF

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

.