CVE-2006-6735

Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c - Info Disclosure

Title source: llm
STIX 2.1

Description

modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this error might be resultant from a more serious issue such as directory traversal.

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2072
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21677
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/454864/100/0/threaded

Scores

EPSS 0.0151
EPSS Percentile 71.5%

Details

CWE
CWE-200
Status published
Products (1)
obie_website/mini_web_shop 2.1.c
Published Dec 26, 2006
Tracked Since Feb 18, 2026