CVE-2006-3934
Description
Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
0.692
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2006-3936,CVE-2006-3935,CVE-2006-3934,CVE-2006-3933 are fixed in Opencms-opencms-core 6.2.2 | Windows |
| Vulnerabilities CVE-2006-3936,CVE-2006-3935,CVE-2006-3934,CVE-2006-3933 are fixed in Opencms-opencms-core for Linux 6.2.2 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234