Unrated severityNVD Advisory· Published Jan 26, 2006· Updated Apr 16, 2026

CVE-2006-0445

Description

index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability.

Affected products

Phpclanwebsite/Phpclanwebsite
cpe:2.3:a:phpclanwebsite:phpclanwebsite:1.23.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txtnvdExploitVendor Advisory
www.osvdb.org/22721nvd
www.securityfocus.com/archive/1/423145/100/0/threadednvd
www.securityfocus.com/bid/16391nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000