cbcvebase.
CVE-2006-0244
published 2006-01-18

CVE-2006-0244: Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing…

PriorityP429medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
3.06%
86.0th percentile
Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root

Affected

1 ranges
VendorProductVersion rangeFixed in
phpxplorerphpxplorer
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.