CVE-2006-2633

medium

Description

Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26705

http://www.vupen.com/english/advisories/2006/2033

http://www.securityfocus.com/bid/18139

http://www.securityfocus.com/archive/1/435135/100/0/threaded

http://sourceforge.net/project/shownotes.php?release_id=420549&group_id=90199

http://sourceforge.net/forum/forum.php?forum_id=576219

http://securityreason.com/securityalert/968

http://secunia.com/advisories/20304

Details

Source: Mitre, NVD

Published: 2006-05-30

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00428