CVE-2006-6445

Envolution 1.1.0 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · phpwebappsphp

https://www.exploit-db.com/exploits/2888

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/30700

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/21413

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2888

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/4836

Scores

EPSS 0.0889

EPSS Percentile 92.6%

Details

Status published

Products (1)

envolution/envolution 1.1.0

Published Dec 10, 2006

Tracked Since Feb 18, 2026