CVE-2006-3937 : post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain sensitive information via a request without the (1

post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain sensitive information via a request without the (1) user, (2) mail, (3) p, or (4) url parameter, which reveals the installation path in an error message.

Published 2006-07-31 22:04:00

Updated 2018-10-17 21:32:26

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2006-3937

Probability of exploitation activity in the next 30 days: 0.63%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-3937

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2006-3937

Products affected by CVE-2006-3937

Xguestbook » Xguestbook » Version: 1.02
cpe:2.3:a:xguestbook:xguestbook:1.02:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-3937

Exploit prediction scoring system (EPSS) score for CVE-2006-3937

CVSS scores for CVE-2006-3937

References for CVE-2006-3937

Products affected by CVE-2006-3937