CVE-2006-0869
First published: Thu Feb 23 2006(Updated: )
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP PEAR | =0.3 | |
| PHP PEAR | =0.5 | |
| PHP PEAR | =0.5.1 | |
| PHP PEAR | =0.6 | |
| PHP PEAR | =0.6.1 | |
| PHP PEAR | =0.7 | |
| PHP PEAR | =0.8 | |
| PHP PEAR | =0.8.1 | |
| PHP PEAR | =0.9 | |
| PHP PEAR | =0.10.0 | |
| PHP PEAR | =0.11.0 | |
| PHP PEAR | =0.11.1 | |
| PHP PEAR | =0.12.0 | |
| PHP PEAR | =0.13.0 | |
| PHP PEAR | =0.13.1 | |
| PHP PEAR | =0.13.2 | |
| PHP PEAR | =0.13.3 | |
| PHP PEAR | =0.14.0 | |
| PHP PEAR | =0.15.0 | |
| PHP PEAR | =0.15.1 | |
| PHP PEAR | =0.16.0 | |
| PHP PEAR | =0.16.1 | |
| PHP PEAR | =0.16.2 | |
| PHP PEAR | =0.16.3 | |
| PHP PEAR | =0.16.4 | |
| PHP PEAR | =0.16.5 | |
| PHP PEAR | =0.16.6 | |
| PHP PEAR | =0.16.7 | |
| PHP PEAR | =0.16.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.gulftech.org/?node=research&article_id=00103-02212006
- http://pear.php.net/package/LiveUser/download/
- http://www.securityfocus.com/bid/16761
- http://securitytracker.com/id?1015659
- http://securityreason.com/securityalert/466
- http://www.vupen.com/english/advisories/2006/0697
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24853
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24852
- http://www.securityfocus.com/archive/1/425711/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-0869?
CVE-2006-0869 is considered a moderate severity vulnerability due to its potential for directory traversal exploits.
How do I fix CVE-2006-0869?
To fix CVE-2006-0869, upgrade to a later version of the PEAR LiveUser package that is not affected by this vulnerability.
What versions of PEAR LiveUser are affected by CVE-2006-0869?
CVE-2006-0869 affects PEAR LiveUser versions 0.16.8 and earlier.
What impact does CVE-2006-0869 have on affected systems?
CVE-2006-0869 allows remote attackers to determine file existence and may enable file deletion or arbitrary file reading.
Can exploiting CVE-2006-0869 lead to compromised systems?
Yes, exploiting CVE-2006-0869 can lead to unauthorized access and manipulation of files on the server.
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/pear
- canonical/php pear
- version/php pear/0.3
- version/php pear/0.5
- version/php pear/0.5.1
- version/php pear/0.6
- version/php pear/0.6.1
- version/php pear/0.7
- version/php pear/0.8
- version/php pear/0.8.1
- version/php pear/0.9
- version/php pear/0.10.0
- version/php pear/0.11.0
- version/php pear/0.11.1
- version/php pear/0.12.0
- version/php pear/0.13.0
- version/php pear/0.13.1
- version/php pear/0.13.2
- version/php pear/0.13.3
- version/php pear/0.14.0
- version/php pear/0.15.0
- version/php pear/0.15.1
- version/php pear/0.16.0
- version/php pear/0.16.1
- version/php pear/0.16.2
- version/php pear/0.16.3
- version/php pear/0.16.4
- version/php pear/0.16.5
- version/php pear/0.16.6
- version/php pear/0.16.7
- version/php pear/0.16.8