{"id":"CVE-2006-3360","details":"Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.","aliases":["GHSA-2wxv-3g4v-p76p"],"modified":"2026-04-10T03:37:39.370008Z","published":"2006-07-06T20:05:00Z","related":["GHSA-2wxv-3g4v-p76p"],"references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/20939"},{"type":"ADVISORY","url":"http://securitytracker.com/id?1016440"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/18868"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/2668"},{"type":"ADVISORY","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27527"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-2wxv-3g4v-p76p"},{"type":"ADVISORY","url":"https://github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745"},{"type":"EVIDENCE","url":"http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.html"},{"type":"EVIDENCE","url":"http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.html"},{"type":"REPORT","url":"http://www.vupen.com/english/advisories/2006/2668"},{"type":"REPORT","url":"https://github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745"},{"type":"WEB","url":"http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.html"},{"type":"WEB","url":"http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.html"},{"type":"WEB","url":"http://securitytracker.com/id?1016440"},{"type":"WEB","url":"http://www.osvdb.org/27015"},{"type":"WEB","url":"http://www.securityfocus.com/bid/18868"}],"schema_version":"1.7.5"}