CVE-2006-2633
Last modified
CVE-2006-2633 is a vulnerability of currently unknown severity. Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter.. EPSS estimates a 1.25% chance of exploitation in the next 30 days.
Description
Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Andrew Godwin | Bytehoard | 2.0.0 |
| Andrew Godwin | Bytehoard | 2.0.1 |
| Andrew Godwin | Bytehoard | 2.0.2 |
| Andrew Godwin | Bytehoard | 2.0.3 |
| Andrew Godwin | Bytehoard | 2.0.4 |
| Andrew Godwin | Bytehoard | 2.0.5 |
| Andrew Godwin | Bytehoard | 2.0_beta1 |
| Andrew Godwin | Bytehoard | 2.0_beta2 |
| Andrew Godwin | Bytehoard | 2.1_alpha |
| Andrew Godwin | Bytehoard | 2.1_beta |
| Andrew Godwin | Bytehoard | 2.1_delta |
| Andrew Godwin | Bytehoard | 2.1_gamma |
References
- http://secunia.com/advisories/20304Patch, Vendor Advisory
- http://secunia.com/advisories/20304Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-2633?
How severe is CVE-2006-2633?
How do I fix CVE-2006-2633?
Are you affected by CVE-2006-2633?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST