CVE-2006-0327

Current Description

TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails.

Basic Data

Published: January 21, 2006
Last Modified: October 19, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
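    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Typo3 | Typo3 | 3.7.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Typo3 | Typo3 | 3.8.1 | * | * | * | * | * | * | * | | | | |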

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Typo3 | Typo3 | 3.7.1, 3.8.1 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| http://bugs.typo3.org/view.php?id=2248 | MISC | http://bugs.typo3.org/view.php?id=2248 | |
| 18546 | SECUNIA | http://secunia.com/advisories/18546 | Vendor Advisory |
| 361 | SREASON | http://securityreason.com/securityalert/361 | |
| http://www.irmplc.com/advisory015.htm | MISC | http://www.irmplc.com/advisory015.htm | Exploit, Vendor Advisory |
| 22665 | OSVDB | http://www.osvdb.org/22665 | |
| 22666 | OSVDB | http://www.osvdb.org/22666 | |
| 22667 | OSVDB | http://www.osvdb.org/22667 | |
| 20060119 IRM 015: File system path disclosure on TYPO3 Web Content Manager | BUGTRAQ | http://www.securityfocus.com/archive/1/422360/100/0/threaded | |
| 20060119 Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager | BUGTRAQ | http://www.securityfocus.com/archive/1/422390/100/0/threaded | |
| ADV-2006-0269 | VUPEN | http://www.vupen.com/english/advisories/2006/0269 | |
| typo3-multiple-path-disclosure(24244) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/24244 | |