CVE-2006-3695
published 2006-07-21


Priority: P419, medium
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EPSS: 1.86% (76.6th percentile)
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.
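The two docutils switches behind this advisory, shown as an added example rather than Trac's own code or anything taken from this page: `file_insertion_enabled` (controls `.. include::` and the `:file:`/`:url:` options) and `raw_enabled` (controls `.. raw::`) are real docutils configuration settings, left at their defaults by vulnerable Trac versions. The attacker payload, the `trac.ini` contents, the pre-scan regex and all function names are constructed for illustration. `demo()` needs docutils installed; the pre-scan runs on the standard library alone.

```python
"""Untrusted reStructuredText through docutils: the two settings behind
CVE-2006-3695, plus a stdlib-only pre-scan. Added example, not Trac's code."""
import os
import re
import tempfile

# docutils' own setting names. Left at their defaults (both enabled) they let
# any markup author read server files and inject raw HTML into the page.
UNSAFE_SETTINGS = {"file_insertion_enabled": True, "raw_enabled": True}
SAFE_SETTINGS = {
    "file_insertion_enabled": False,  # blocks ".. include::" and :file:/:url: options
    "raw_enabled": False,             # blocks ".. raw:: html"
    "report_level": 5,                # keep the resulting system messages out of the HTML
    "halt_level": 5,                  # and never raise on them
}
DANGEROUS_DIRECTIVES = ("raw", "include")

# Explicit-markup directive line ".. name::" (assumption: a simplified form of
# the syntax, enough for a pre-scan; docutils stays the real parser).
_DIRECTIVE_RE = re.compile(r"^[ \t]*\.\.[ \t]+(?P<name>[\w.+-]+)[ \t]*::", re.M | re.I)


def build_payload(secret_path):
    """Constructed attacker wiki/ticket text: file read plus stored XSS."""
    return (
        "Harmless title\n"
        "==============\n"
        "\n"
        ".. include:: " + secret_path + "\n"
        "   :literal:\n"
        "\n"
        ".. raw:: html\n"
        "\n"
        "   <script>alert(document.cookie)</script>\n"
    )


def find_dangerous_directives(text):
    """Return (line, directive) for every raw/include directive in the text."""
    hits = []
    for m in _DIRECTIVE_RE.finditer(text):
        name = m.group("name").lower()
        if name in DANGEROUS_DIRECTIVES:
            hits.append((text.count("\n", 0, m.start()) + 1, name))
    return hits


def render_rst(text, settings):
    """Render with docutils (imported here so the scanner works without it)."""
    from docutils.core import publish_parts
    return publish_parts(text, writer_name="html", settings_overrides=settings)["body"]


def demo():
    """Render the payload both ways and report what leaked."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "trac.ini")
        with open(secret, "w") as f:  # constructed secret, stands in for a real config
            f.write("[trac]\ndatabase = postgres://trac:hunter2@db/trac\n")
        payload = build_payload(secret)
        print("pre-scan hits:", find_dangerous_directives(payload))
        for label, settings in (("unsafe", UNSAFE_SETTINGS), ("safe", SAFE_SETTINGS)):
            html = render_rst(payload, settings)
            print("%-6s file leaked=%s script present=%s"
                  % (label, "hunter2" in html, "<script>" in html))


if __name__ == "__main__":
    demo()
```

Run as a script with docutils installed: the unsafe rendering carries the file contents and the script tag, the hardened settings emit neither. The pre-scan is defence in depth only, since it does not understand the full directive syntax; the docutils settings are the actual control.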

Affected (4 ranges)

Vendor             Product  Version range        Fixed in
debian             trac     < 0.9.6-1 (sid)      0.9.6-1 (sid)
edgewall_software  trac     <= 0.9.5             (none listed)
edgewall_software  trac     >= 0, < 0.9.6-1      0.9.6-1
edgewall_software  trac     >= 0, < 0.9.6        0.9.6

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v2.0     6.8    MEDIUM    AV:N/AC:M/Au:N/C:P/I:P/A:P
ghsa           2.1             LOW
osv            2.1             LOW
vendor_debian  2.1             MEDIUM