CVE-2006-0713 | Vulnerability Database | Aqua Security

Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.

Affected Software

Name	Vendor	Start Version	End Version
Linpha	Linpha	0.9.0 (including)	0.9.0 (including)
Linpha	Linpha	0.9.1 (including)	0.9.1 (including)
Linpha	Linpha	0.9.2 (including)	0.9.2 (including)
Linpha	Linpha	0.9.3 (including)	0.9.3 (including)
Linpha	Linpha	0.9.4 (including)	0.9.4 (including)
Linpha	Linpha	1.0 (including)	1.0 (including)

References

http://retrogod.altervista.org/linpha_10_local.html
http://secunia.com/advisories/18808
http://securityreason.com/securityalert/426
http://www.securityfocus.com/archive/1/424729/100/0/threaded
http://www.securityfocus.com/bid/16592
http://www.vupen.com/english/advisories/2006/0535
https://exchange.xforce.ibmcloud.com/vulnerabilities/24663
http://retrogod.altervista.org/linpha_10_local.html
http://secunia.com/advisories/18808
http://securityreason.com/securityalert/426
http://www.securityfocus.com/archive/1/424729/100/0/threaded
http://www.securityfocus.com/bid/16592
http://www.vupen.com/english/advisories/2006/0535
https://exchange.xforce.ibmcloud.com/vulnerabilities/24663

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-0713
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html