Unrated severityNVD Advisory· Published Jan 19, 2006· Updated Jun 16, 2026
CVE-2006-0315
CVE-2006-0315
Description
index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.1.2
Patches
Vulnerability mechanics
References
8- archives.neohapsis.com/archives/fulldisclosure/2006-01/0515.htmlnvdExploitVendor Advisory
- www.securityfocus.com/bid/16257nvdExploit
- secunia.com/advisories/18043nvdVendor Advisory
- www.osvdb.org/22684nvd
- www.securityfocus.com/archive/1/422071/100/0/threadednvd
- zur.homelinux.com/Advisories/ezdatabase_dir_trans.txtnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24134nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24135nvd
News mentions
0No linked articles in our index yet.