CVE-2006-3360

Name: CVE-2006-3360
Creator: NVD / NIST
Published: 2006-07-06T20:05:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.37%

Last modified Jun 16, 2026

CVE-2006-3360 is a vulnerability of currently unknown severity. Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.. EPSS estimates a 5.37% chance of exploitation in the next 30 days.

Description

Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.

Metrics

EPSS Probability

5.37%

91.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions
Phpsysinfo	Phpsysinfo	<= 2.5.1

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.htmlBroken Link, Exploit
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.htmlBroken Link, Exploit
http://secunia.com/advisories/20939Broken Link, Vendor Advisory
http://securitytracker.com/id?1016440Broken Link, Third Party Advisory, VDB Entry
http://www.osvdb.org/27015Broken Link
http://www.securityfocus.com/bid/18868Broken Link, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2006/2668Broken Link, Permissions Required, Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27527Third Party Advisory, VDB Entry
https://github.com/advisories/GHSA-2wxv-3g4v-p76pThird Party Advisory
https://github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745Issue Tracking, Third Party Advisory
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.htmlBroken Link, Exploit
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.htmlBroken Link, Exploit
http://secunia.com/advisories/20939Broken Link, Vendor Advisory
http://securitytracker.com/id?1016440Broken Link, Third Party Advisory, VDB Entry
http://www.osvdb.org/27015Broken Link
http://www.securityfocus.com/bid/18868Broken Link, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2006/2668Broken Link, Permissions Required, Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27527Third Party Advisory, VDB Entry
https://github.com/advisories/GHSA-2wxv-3g4v-p76pThird Party Advisory
https://github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745Issue Tracking, Third Party Advisory

Timeline

Published: Jul 6, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-3360?

How severe is CVE-2006-3360?

Severity scoring for CVE-2006-3360 is pending analysis. The EPSS model estimates a 5.37% probability of exploitation in the next 30 days.

How do I fix CVE-2006-3360?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-3360?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST