CVE-2006-2278
published 2006-05-10CVE-2006-2278: SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php…
PriorityP419medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.58%
72.5th percentile
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arabless | saphplesson | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/20034http://securityreason.com/securityalert/862http://www.osvdb.org/25364http://www.osvdb.org/25365http://www.osvdb.org/25366http://www.securityfocus.com/archive/1/433052/100/0/threadedhttp://www.vupen.com/english/advisories/2006/1708http://secunia.com/advisories/20034http://securityreason.com/securityalert/862http://www.osvdb.org/25364http://www.osvdb.org/25365http://www.osvdb.org/25366http://www.securityfocus.com/archive/1/433052/100/0/threadedhttp://www.vupen.com/english/advisories/2006/1708
2006-05-10
Published