Unrated severityNVD Advisory· Published Feb 7, 2006· Updated Apr 16, 2026

CVE-2006-0567

Description

Directory traversal vulnerability in Files Xaraya module before 0.5.1, when the Archive Directory field on the Modify Config page is blank, allows remote attackers to access files outside of the web root via ".." (dot dot) sequences.

Affected products

Curtis Farnham/Files Xaraya Module2 versions
cpe:2.3:a:curtis_farnham:files_xaraya_module:0.3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:curtis_farnham:files_xaraya_module:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:curtis_farnham:files_xaraya_module:0.4.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

xaraya.curtisfarnham.com/articles/Files_0.5.1_-_Security_Fix_and_other_thingsnvdPatch
www.vupen.com/english/advisories/2006/0371nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24393nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000