CVE Vulnerabilities

CVE-2006-1963

Published: Apr 21, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a .. (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.

Affected Software

Name Vendor Start Version End Version
Pcpin_chat Pcpin 3.1.5 3.1.5
Pcpin_chat Pcpin 3.1.6 3.1.6
Pcpin_chat Pcpin 3.1.7r 3.1.7r
Pcpin_chat Pcpin 5.0.2 5.0.2
Pcpin_chat Pcpin 5.0.4 5.0.4
Pcpin_chat Pcpin 5.0.3 5.0.3
Pcpin_chat Pcpin 3.2.0 3.2.0
Pcpin_chat Pcpin 3.2.1 3.2.1
Pcpin_chat Pcpin 3.2.3 3.2.3
Pcpin_chat Pcpin 5.0.1 5.0.1
Pcpin_chat Pcpin 4.0 4.0

References