Security Advisory

CVE-2006-1201

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-03-14 01:00:00

Last updated 2024-08-07 17:03:28

Assigner mitre

State PUBLISHED

Description

Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a .. (dot dot) in the email parameter during a "Recover password" operation (recoverpw.php).

← Browse all CVEs View on cve.org ↗