cbcvebase.
CVE-2006-2278
published 2006-05-10

CVE-2006-2278: SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php…

PriorityP419medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.58%
72.5th percentile
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to index.php.

Affected

1 ranges
VendorProductVersion rangeFixed in
arablesssaphplesson
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.