CVE-2006-2096

plug.php in Land Down Under (LDU) 802 and earlier allows remote attackers to obtain sensitive information via an invalid (1) month or (2) year parameter, which reveals the path in an error message.

Published: Apr 29, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-2096
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
neocrome / land_down_under	601	601.x
neocrome / land_down_under	602	602.x
neocrome / land_down_under	700.01	700.01.x
neocrome / land_down_under	700.04	700.04.x
neocrome / land_down_under	701	701.x
neocrome / land_down_under	801	801.x
neocrome / land_down_under	700.02	700.02.x
neocrome / land_down_under	-	802.x
neocrome / land_down_under	700.03	700.03.x
neocrome / land_down_under	800	800.x
neocrome / land_down_under	700.05	700.05.x

http://securityreason.com/securityalert/814
http://www.securityfocus.com/archive/1/432235/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26143

Vulnerability Database

290,206

CVE-2006-2096