[Git][security-tracker-team/security-tracker][master] Update information for ancient CVE-2006-3360/pypsysinfo
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 12 19:39:09 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
db60257a by Salvatore Bonaccorso at 2023-01-12T20:38:30+01:00
Update information for ancient CVE-2006-3360/pypsysinfo
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -601078,9 +601078,10 @@ CVE-2006-3362 (Unrestricted file upload vulnerability in connectors/php/connecto
CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier ...)
NOT-FOR-US: Stud.IP
CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 all ...)
- - phpsysinfo <unfixed> (unimportant)
+ - phpsysinfo 3.2.5-3 (unimportant)
- egroupware <unfixed> (unimportant)
- phpgroupware <unfixed> (unimportant)
+ NOTE: https://github.com/phpsysinfo/phpsysinfo/commit/60b5bbb5d1cc17f44050e99a3e746f55a4fd4e18 (v3.2.5)
NOTE: Only the existence of files inside the WWW root is leaked. If this is
NOTE: a threat to your setup you most probably shouldn't install a script which
NOTE: exposes all your system data, either.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db60257af5ba6985bdc6b9fcbbfd8c9993b01542
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db60257af5ba6985bdc6b9fcbbfd8c9993b01542
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230112/885f3734/attachment.htm>
More information about the debian-security-tracker-commits
mailing list