Information Disclosure in phpwcms by phpwcms
CVE-2006-6886

Currently unrated

Key Information:

Vendor: PHPwcms
Status: PHPwcms
Vendor: CVE Published:; 31 December 2006

What is CVE-2006-6886?

The phpwcms version 1.2.5-DEV is susceptible to an information disclosure vulnerability that allows remote attackers to retrieve sensitive files through direct URL requests. Specifically, attackers can access 'files.public-userroot.inc.php' and 'files.private.additions.inc.php' which potentially exposes critical server path information via error messages. This unauthorized access could lead to broader implications regarding the security of the affected web application.

References

http://www.osvdb.org/25753

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/26637

vdb-entryx_refsource_XF

http://www.vupen.com/english/advisories/2006/1934

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability Reserved
Jan 4, 2007
Vulnerability published
Dec 31, 2006

JSON

PHPwcms

What is CVE-2006-6886?

References

Timeline