Back to search
CVE-2006-2278
Published: May 9, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to index.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2006-1708
vdb-entry
x_refsource_VUPEN
862
third-party-advisory
x_refsource_SREASON
25366
vdb-entry
x_refsource_OSVDB
25365
vdb-entry
x_refsource_OSVDB
25364
vdb-entry
x_refsource_OSVDB
20034
third-party-advisory
x_refsource_SECUNIA
20060504 SaPHPLesson 3.0 Multbugs
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now