CVE-2006-3194

Directory traversal vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) gallery and (2) template parameter.

Published: Jun 23, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3194
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
singapore / singapore	0.9.3_beta	0.9.3_beta.x
singapore / singapore	0.9.1_beta	0.9.1_beta.x
singapore / singapore	0.9.10_beta	0.9.10_beta.x
singapore / singapore	0.9.9b_beta	0.9.9b_beta.x
singapore / singapore	0.9.6_beta	0.9.6_beta.x
singapore / singapore	0.9.9a_beta	0.9.9a_beta.x
singapore / singapore	0.9.4_beta	0.9.4_beta.x
singapore / singapore	0.9.7	0.9.7.x
singapore / singapore	0.9a_beta	0.9a_beta.x
singapore / singapore	0.9.7_beta	0.9.7_beta.x
singapore / singapore	0.9_beta	0.9_beta.x
singapore / singapore	0.10.0	0.10.0.x
singapore / singapore	0.9.10	0.9.10.x
singapore / singapore	0.9.5_beta	0.9.5_beta.x
singapore / singapore	0.9.8_beta	0.9.8_beta.x
singapore / singapore	0.9.2_beta	0.9.2_beta.x
singapore / singapore	0.9.11_beta	0.9.11_beta.x

Vulnerability Database

289,871

CVE-2006-3194