Home > Vulnerability Database > CVE-2006-3934

Mend.io Vulnerability Database

CVE-2006-3934

Date: July 31, 2006

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.

Severity Score

4.3

Related Resources (11)

Url: http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt

Url: http://www.opencms.org/opencms/en/shownews.html?id=1002

Url: http://securityreason.com/securityalert/1302

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-3934

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/28000

Url: http://secunia.com/advisories/21193

Url: http://www.securityfocus.com/archive/1/441182/100/0/threaded

Url: https://github.com/alkacon/opencms-core

Url: https://github.com/alkacon/opencms-core/commit/8f1c04c5a16fe8d0bdbd13b65bf2a7b5cf100ff9

Url: http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip

Url: https://www.mend.io/vulnerability-database/CVE-2006-3934

Severity Score

4.3

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-3934

Date: July 31, 2006

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?