CVE-2006-0644

critical

Description

Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24660

http://www.securityfocus.com/archive/1/424439/100/0/threaded

http://www.osvdb.org/23058

http://securitytracker.com/id?1015601

http://dragonflycms.org/Forums/viewtopic/p=98034.html#98034

http://dragonflycms.org/Forums/viewtopic/p=98034.html

Details

Source: Mitre, NVD

Published: 2006-02-10

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical