CVE-2006-1963
Summary
Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.
- LOW
- NETWORK
- SINGLE
- PARTIAL
- PARTIAL
- NONE
References
Advisory Timeline
- Published