CVE-2006-2475 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2006-2475

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) bestmail.cgi in Cosmoshop 8.11.106 and earlier allows remote administrators to read arbitrary files via .. sequences in the file parameter.

Affected Software

Name	Vendor	Start Version	End Version
Cosmoshop	Cosmoshop	*	8.11.106 (including)
Cosmoshop	Cosmoshop	8.10.78 (including)	8.10.78 (including)

References

http://secunia.com/advisories/20177
http://securityreason.com/securityalert/919
http://www.osvdb.org/25647
http://www.osvdb.org/25648
http://www.securityfocus.com/archive/1/434368/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26533