CVE-2006-2617

critical

Description

(1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL injection.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26661

https://exchange.xforce.ibmcloud.com/vulnerabilities/26656

http://www.vupen.com/english/advisories/2006/1973

http://www.vupen.com/english/advisories/2006/1972

http://www.sitepoint.com/forums/showthread.php?t=311969

http://www.securityfocus.com/archive/1/434912/100/0/threaded

http://securityreason.com/securityalert/955

http://secunia.com/advisories/20278

http://secunia.com/advisories/20276

Details

Source: Mitre, NVD

Published: 2006-05-26

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00799