Serendipity Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2006-6242 - Vulnerability Database

Medium
Reference: CVE-2006-6242
Title: Serendipity Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipitycharset parameter in (1) include/lang.inc.php or to the following plugins/ scripts:

(2) serendipity_event_bbcode/serendipity_event_bbcode.php
(3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php
(4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php
(5) serendipity_event_creativecommons/serendipity_event_creativecommons.php
(6) serendipity_event_emoticate/serendipity_event_emoticate.php
(7) serendipity_event_entryproperties/serendipity_event_entryproperties.php
(8) serendipity_event_karma/serendipity_event_karma.php
(9) serendipity_event_livesearch/serendipity_event_livesearch.php
(10) serendipity_event_mailer/serendipity_event_mailer.php
(11) serendipity_event_nl2br/serendipity_event_nl2br.php
(12) serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php
(13) serendipity_event_searchhighlight/serendipity_event_searchhighlight.php
(14) serendipity_event_spamblock/serendipity_event_spamblock.php
(15) serendipity_event_spartacus/serendipity_event_spartacus.php
(16) serendipity_event_statistics/serendipity_plugin_statistics.php
(17) serendipity_event_templatechooser/serendipity_event_templatechooser.php
(18) serendipity_event_textile/serendipity_event_textile.php
(19) serendipity_event_textwiki/serendipity_event_textwiki.php
(20) serendipity_event_trackexits/serendipity_event_trackexits.php
(21) serendipity_event_weblogping/serendipity_event_weblogping.php
(22) serendipity_event_xhtmlcleanup/serendipity_event_xhtmlcleanup.php
(23) serendipity_plugin_comments/serendipity_plugin_comments.php
(24) serendipity_plugin_creativecommons/serendipity_plugin_creativecommons.php
(25) serendipity_plugin_entrylinks/serendipity_plugin_entrylinks.php
(26) serendipity_plugin_eventwrapper/serendipity_plugin_eventwrapper.php
(27) serendipity_plugin_history/serendipity_plugin_history.php
(28) serendipity_plugin_recententries/serendipity_plugin_recententries.php
(29) serendipity_plugin_remoterss/serendipity_plugin_remoterss.php
(30) serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php
and (31) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php.
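
A detection sketch for the request pattern described above, added here as an example (it is not code from Serendipity or from this database entry): it scans web access-log lines for a serendipitycharset parameter whose decoded value contains a dot-dot path segment. The log lines are constructed, and the sketch assumes the parameter arrives in the URL query string and that the request line is logged in common log format.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "serendipitycharset"  # parameter name from the CVE description
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double/triple URL-encoding


def fully_decode(value):
    """Percent-decode repeatedly so %252e%252e is seen as '..'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(value):
    """True if any path segment of the decoded value is exactly '..'."""
    segments = re.split(r"[/\\]", fully_decode(value))
    return ".." in segments


def suspicious_requests(log_lines):
    """Return (line_number, script_path, decoded_value) for flagged requests."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == PARAM and has_traversal(value):
                hits.append((lineno, url.path, fully_decode(value)))
    return hits


# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2006:10:00:00 +0000] "GET /index.php?serendipitycharset=UTF-8/ HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Dec/2006:10:00:05 +0000] "GET /include/lang.inc.php?serendipitycharset=../../x HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Dec/2006:10:00:09 +0000] "GET /plugins/serendipity_event_karma/serendipity_event_karma.php?serendipitycharset=%252e%252e%252fx HTTP/1.1" 200 298',
    '192.0.2.77 - - [01/Dec/2006:10:01:00 +0000] "GET /index.php?q=a..b HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A match shows that such a request was received, not that a file was disclosed. Values sent in a POST body or cookie do not appear in access logs and need application-level logging to be seen.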