CVE-2006-7086

Current Description

The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter.

Basic Data

Published: March 02, 2007
Last Modified: June 10, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-200
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
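    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Mrcgiguy | Hot Links | - | * | * | * | * | * | * | * | | | | |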

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Mrcgiguy | Hot Links | - |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 20061115 Hot Links download backup authorized vulnerabilities | BUGTRAQ | http://marc.info/?l=bugtraq&m=116370290529916&w=2 | Third Party Advisory |
| 20061115 Hot Links download backup authorized vulnerabilities (re-post) | BUGTRAQ | http://marc.info/?l=bugtraq&m=116373064308228&w=2 | Third Party Advisory |
| 22970 | SECUNIA | http://secunia.com/advisories/22970 | Permissions Required |
| 21112 | BID | http://www.securityfocus.com/bid/21112 | Exploit, Third Party Advisory, VDB Entry |
| ADV-2006-4585 | VUPEN | http://www.vupen.com/english/advisories/2006/4585 | Not Applicable |
| hotlinks-dlback-information-disclosure(30340) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/30340 | Third Party Advisory, VDB Entry |