Lucene search

[email protected]CVE-2006-1791

HistoryApr 14, 2006 - 11:02 p.m.

CVE-2006-1791

2006-04-1423:02:00

[email protected]

web.nvd.nist.gov

cve-2006-1791

quickblogger 1.4

remote attackers

directory traversal vulnerability

xss

acc.php

nvd

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON

Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails.

Affected configurations

NVD

Node

jl_webworksquickbloggerMatch1.4

CPENameOperatorVersion
jl_webworks:quickbloggerjl webworks quickbloggereq1.4

CPE	Name	Operator	Version
jl_webworks:quickblogger	jl webworks quickblogger	eq	1.4

References

secunia.com/advisories/15942

www.securityfocus.com/archive/1/430878/100/0/threaded

www.securityfocus.com/archive/1/431059/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/25795

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON

Related for CVE-2006-1791

nvd1 cvelist1 prion1