CVE-2006-6743

phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to (1) users/include/do_makeprofile.inc.php and (2) users/include/copy.inc.php.

Published: Dec 27, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-6743
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phpprofiles / phpprofiles	2.1.0	2.1.0.x

http://secunia.com/advisories/22728
http://sourceforge.net/project/shownotes.php?release_id=460858&group_id=176310
http://www.vupen.com/english/advisories/2006/4446
https://exchange.xforce.ibmcloud.com/vulnerabilities/30171

Vulnerability Database

290,206

CVE-2006-6743