CVE-2006-0713 (CNNVD-200602-227)
中文标题:
LinPHA多个目录遍历漏洞
英文标题:
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files v...
漏洞描述
中文描述:
LinPHA 1.0中存在目录遍历漏洞。远程攻击者可以借助(1)docs/index.php中lang参数和(2) install/install.php、(3) install/sec_stage_install.php、(4) install/third_stage_install.php和(5) install/forth_stage_install.php的language参数(该参数中包含..)序列包含任意文件。 注意:可由此问题导致直接静态代码注入,如将PHP代码插入用户名所演示的那样,用户名被插入到linpha.log文件中,而linpha.log文件又可被目录遍历访问。
英文描述:
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| linpha | linpha | 0.9.0 | - | - |
cpe:2.3:a:linpha:linpha:0.9.0:*:*:*:*:*:*:*
|
| linpha | linpha | 0.9.1 | - | - |
cpe:2.3:a:linpha:linpha:0.9.1:*:*:*:*:*:*:*
|
| linpha | linpha | 0.9.2 | - | - |
cpe:2.3:a:linpha:linpha:0.9.2:*:*:*:*:*:*:*
|
| linpha | linpha | 0.9.3 | - | - |
cpe:2.3:a:linpha:linpha:0.9.3:*:*:*:*:*:*:*
|
| linpha | linpha | 0.9.4 | - | - |
cpe:2.3:a:linpha:linpha:0.9.4:*:*:*:*:*:*:*
|
| linpha | linpha | 1.0 | - | - |
cpe:2.3:a:linpha:linpha:1.0:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
exploitdb
exploitdb
cve.org
exploitdb
exploitdb
exploitdb
exploitdb
exploitdb
exploitdb
CVSS评分详情
AV:N/AC:L/Au:N/C:N/I:P/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2006-0713 |
2025-11-11 15:17:39 | 2025-11-11 07:32:31 |
| NVD | nvd_CVE-2006-0713 |
2025-11-11 14:51:47 | 2025-11-11 07:41:17 |
| CNNVD | cnnvd_CNNVD-200602-227 |
2025-11-11 15:08:50 | 2025-11-11 07:49:04 |
| EXPLOITDB | exploitdb_EDB-27192 |
2025-11-11 15:05:37 | 2025-11-11 08:23:29 |
| EXPLOITDB | exploitdb_EDB-27193 |
2025-11-11 15:05:37 | 2025-11-11 08:23:29 |
| EXPLOITDB | exploitdb_EDB-27194 |
2025-11-11 15:05:37 | 2025-11-11 08:23:29 |
| EXPLOITDB | exploitdb_EDB-27195 |
2025-11-11 15:05:37 | 2025-11-11 08:23:29 |
版本与语言
安全公告
变更历史
查看详细变更
- references_count: 14 -> 16
- tags_count: 6 -> 7
查看详细变更
- references_count: 12 -> 14
- tags_count: 5 -> 6
查看详细变更
- references_count: 10 -> 12
- tags_count: 4 -> 5
查看详细变更
- references_count: 7 -> 10
- tags_count: 0 -> 4
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 路径遍历
- cnnvd_id: 未提取 -> CNNVD-200602-227
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 5.0
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:N/I:P/A:N
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 6
- data_sources: ['cve'] -> ['cve', 'nvd']