CVE-2006-5617 : Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote attackers to read or dow

Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote attackers to read or download arbitrary files via a base64-encoded file path containing a .. (dot dot) sequence in the file parameter.

Published 2006-10-31 01:07:00

Updated 2018-10-17 21:43:57

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2006-5617

Probability of exploitation activity in the next 30 days: 0.45%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-5617

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-5617

Products affected by CVE-2006-5617

Thepeak » Thepeak File Upload Manager » Version: 1.3
cpe:2.3:a:thepeak:thepeak_file_upload_manager:1.3:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-5617

Exploit prediction scoring system (EPSS) score for CVE-2006-5617

CVSS scores for CVE-2006-5617

References for CVE-2006-5617

Products affected by CVE-2006-5617