CVE-2006-3360

phpsysinfo 2.5.1 - Path Traversal via lng Parameter

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.

References (10)

Core 10
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
http://securitytracker.com/id?1016440
Third Party Advisory, VDB Entry vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/27527
Broken Link, Permissions Required, Third Party Advisory vdb-entry
http://www.vupen.com/english/advisories/2006/2668
Broken Link vdb-entry
http://www.osvdb.org/27015
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/20939
Broken Link, Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/18868

Scores

EPSS 0.0537
EPSS Percentile 91.7%

Details

CWE
CWE-22
Status published
Products (2)
phpsysinfo/phpsysinfo < 2.5.1
phpsysinfo/phpsysinfo 0 - 3.2.5Packagist
Published Jul 06, 2006
Tracked Since Feb 18, 2026