CVE-2006-0327
TYPO3 3.7.1 - Information Disclosure via Direct Request to thumbs.php showpic.php or tables.php
Title source: llmDescription
TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails.
References (11)
Core 11
Core References
Various Sources x_refsource_misc
http://bugs.typo3.org/view.php?id=2248
Exploit, Vendor Advisory x_refsource_misc
http://www.irmplc.com/advisory015.htm
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/422390/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/361
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/22666
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24244
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/22665
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18546
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0269
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/422360/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/22667
Scores
EPSS
0.0190
EPSS Percentile
83.5%
Details
Status
published
Products (2)
typo3/typo3
3.7.1
typo3/typo3
3.8.1
Published
Jan 21, 2006
Tracked Since
Feb 18, 2026