CVE-2006-0445

medium

Description

index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability.

References

http://www.securityfocus.com/bid/16391

http://www.securityfocus.com/archive/1/423145/100/0/threaded

http://www.osvdb.org/22721

Details

Source: Mitre, NVD

Published: 2006-01-26

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00297