CVE-2006-3488

Published Jul 10, 2006

Last updated 16 years ago

Overview

Description: Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in the Pasta parameter when link=util, acao=ftp, and acaba=sim.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:virtuastore:virtuastore:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "506E6135-7767-4611-BCE8-7AD6FB977318"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References