Unrated severityNVD Advisory· Published Jan 18, 2006· Updated Apr 16, 2026

CVE-2006-0244

Description

Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root

Affected products

Phpxplorer/Phpxplorer
cpe:2.3:a:phpxplorer:phpxplorer:0.9.33:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.arrelnet.com/advisories/adv20060116.htmlnvdExploitVendor Advisory
www.securityfocus.com/bid/16263nvdExploit
secunia.com/advisories/18518nvdVendor Advisory
securityreason.com/securityalert/353nvd
www.securityfocus.com/archive/1/421997/100/0/threadednvd
www.securityfocus.com/archive/1/422158/100/0/threadednvd
www.vupen.com/english/advisories/2006/0232nvd
exchange.xforce.ibmcloud.com/vulnerabilities/39982nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.011
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000