CVE-2006-4914

Published: Sep 21, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

20060920 A.I-Pifou (Cookie) Local File Inclusion (mailing-list, x_refsource_FULLDISC)
22038 (third-party-advisory, x_refsource_SECUNIA)
aipifou-livre-file-include(29050) (vdb-entry, x_refsource_XF)
ADV-2006-3707 (vdb-entry, x_refsource_VUPEN)
20120 (vdb-entry, x_refsource_BID)
29014 (vdb-entry, x_refsource_OSVDB)
