CVE-2006-5897

MEDIUM Year: 2006
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter to (1) avatar.php, (2) colorhelp_popup.php, (3) color_popup.php, (4) index.php, (5) index1.php, (6) lib/connected_users.lib.php, (7) lib/index.lib.php, and (8) phpMyChat.php3; and the (9) L parameter to logs.php. NOTE: CVE analysis suggests that vector 1 might be incorrect.

Related Vulnerabilities

CVE-2017-12815

CRITICAL
CVSS:10.0(Critical)

Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar ...

CWE-222017

CVE-2019-18253

CRITICAL
CVSS:10.0(Critical)

An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the...

CWE-222019

CVE-2020-29495

CRITICAL
CVSS:10.0(Critical)

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, le...

CWE-222020

CVE-2022-1992

CRITICAL
CVSS:10.0(Critical)

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

CWE-222022

CVE-2023-2909

CRITICAL
CVSS:10.0(Critical)

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2...

CWE-222023

CVE-2023-6015

CRITICAL
CVSS:10.0(Critical)

MLflow allowed arbitrary files to be PUT onto the server.

CWE-222023