What is CVE-2006-3392?

CVE-2006-3392 is a vulnerability in N/a. Published 2006-07-06.

Is CVE-2006-3392 known to be exploited?

38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2006-3392

Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences…

EPSS: 0.865 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

21365 (x_refsource_SECUNIA, third-party-advisory)
GLSA-200608-11 (vendor-advisory, x_refsource_GENTOO)
www.webmin.com/changes.html (x_refsource_CONFIRM)
20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit (mailing-list, x_refsource_BUGTRAQ)
21105 (x_refsource_SECUNIA, third-party-advisory)
18744 (vdb-entry, x_refsource_BID)
20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl (mailing-list, x_refsource_BUGTRAQ)
20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit (mailing-list, x_refsource_BUGTRAQ)
VU#999601 (x_refsource_CERT-VN, third-party-advisory)
DSA-1199 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2006-3392?: CVE-2006-3392 is a vulnerability in N/a. Published 2006-07-06.
Is CVE-2006-3392 known to be exploited?: 38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.