CVE-2006-3934

Alkacon OpenCms < 6.2.2 - Authenticated Path Traversal via downloadTrigger.jsp filePath Parameter

Title source: llm
STIX 2.1

Description

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28000
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21193
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1302
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/441182/100/0/threaded

Scores

EPSS 0.0143
EPSS Percentile 69.8%

Details

CWE
CWE-22
Status published
Products (7)
alkacon/opencms 6.0.0
alkacon/opencms 6.0.2
alkacon/opencms 6.0.3
alkacon/opencms 6.0.4
alkacon/opencms 6.2
alkacon/opencms < 6.2.1
org.opencms/opencms-core 0 - 6.2.2Maven
Published Jul 31, 2006
Tracked Since Feb 18, 2026