Moderate severity · NVD Advisory · Published Jul 6, 2006 · Updated Apr 16, 2026
CVE-2006-3360
Description
Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.
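A defensive counterpart to the description above, added here as an example rather than phpSysInfo's own code: a Python rendering of the allowlist check the project's fix uses (ASCII letters, `-` and `_` only), combined with a uniform fallback so that a rejected name and a valid-but-missing name produce the same response and the existence oracle disappears. The `language/` layout under an app root and the helper names are assumptions; the fixture files are constructed.

```python
import os
import re
import tempfile

# Allowlist matching the fix: only ASCII letters, '-' and '_'.
# fullmatch (not match) is used so a trailing newline cannot slip past the anchor.
LANG_NAME = re.compile(r"[A-Za-z_-]+")

def safe_lang_name(raw):
    """Return the language name if it passes the allowlist, else None."""
    # Rejecting early also keeps '\x00' and '..' away from any filesystem call.
    if not raw or LANG_NAME.fullmatch(raw) is None:
        return None
    return raw

def language_file(app_root, raw_lang):
    """Resolve an untrusted lng/lang value to a file under app_root/language/.

    A rejected name and a valid-but-missing name both fall back to en.xml,
    so the response does not vary with whether an attacker-chosen path exists.
    """
    base = os.path.join(app_root, "language")
    name = safe_lang_name(raw_lang)
    if name is not None and os.path.isfile(os.path.join(base, name + ".xml")):
        return os.path.join(base, name + ".xml")
    return os.path.join(base, "en.xml")

def make_demo_root():
    """Constructed fixture (assumption): a temp app root with en.xml and de.xml."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "language"))
    for name in ("en", "de"):
        with open(os.path.join(root, "language", name + ".xml"), "w") as fh:
            fh.write("<lang>%s</lang>" % name)
    return root

if __name__ == "__main__":
    root = make_demo_root()
    for value in ("de", "fr", "../../../etc/passwd\x00", "../language/en", ""):
        print(repr(value), "->", os.path.relpath(language_file(root, value), root))
```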
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| phpsysinfo/phpsysinfo (Packagist) | < 3.2.5 | 3.2.5 |
Affected products
Patches (1)
1 file changed · +14 −13
language/language.php+14 −13 modified@@ -45,24 +45,25 @@ $lang = PSI_DEFAULT_LANG; } -if (isset($_GET['lang'])) { - if (file_exists(APP_ROOT.'/language/'.trim(htmlspecialchars(basename($_GET['lang']))).'.xml')) { - $lang = basename($_GET['lang']); - } +if (isset($_GET['lang']) && (trim($_GET['lang'])!=="") + && !preg_match('/[^A-Za-z\-_]/', $_GET['lang']) + && file_exists(APP_ROOT.'/language/'.$_GET['lang'].'.xml')) { + $lang = $_GET['lang']; } -$plugin = isset($_GET['plugin']) ? trim(htmlspecialchars(basename($_GET['plugin']))) : null; - -if ($plugin == null) { +if (isset($_GET['plugin'])) { + if ((trim($_GET['plugin'])!=="") && !preg_match('/[^A-Za-z\-_]/', $_GET['plugin'])) { + $plugin = $_GET['plugin']; + if (file_exists(APP_ROOT.'/plugins/'.strtolower($plugin).'/lang/'.$lang.'.xml')) { + echo file_get_contents(APP_ROOT.'/plugins/'.strtolower($plugin).'/lang/'.$lang.'.xml'); + } elseif (file_exists(APP_ROOT.'/plugins/'.strtolower($plugin).'/lang/en.xml')) { + echo file_get_contents(APP_ROOT.'/plugins/'.strtolower($plugin).'/lang/en.xml'); + } + } +} else { if (file_exists(APP_ROOT.'/language/'.$lang.'.xml')) { echo file_get_contents(APP_ROOT.'/language/'.$lang.'.xml'); } else { echo file_get_contents(APP_ROOT.'/language/en.xml'); } -} else { - if (file_exists(APP_ROOT.'/plugins/'.strtolower($plugin).'/lang/'.$lang.'.xml')) { - echo file_get_contents(APP_ROOT.'/plugins/'.strtolower($plugin).'/lang/'.$lang.'.xml'); - } else { - echo file_get_contents(APP_ROOT.'/plugins/'.strtolower($plugin).'/lang/en.xml'); - } }
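Review bot: the plugin branch no longer defines `$plugin` when the parameter is absent or fails the allowlist, because the old `$plugin = isset($_GET['plugin']) ? ... : null;` line is removed and the assignment now happens only inside the nested `if`; any later code that reads `$plugin` will hit an undefined variable, so initialise `$plugin = null;` before `if (isset($_GET['plugin']))`. A second point in the same hunk: when `plugin` is present but rejected by `preg_match('/[^A-Za-z\-_]/', $_GET['plugin'])`, the block emits nothing at all, whereas the language branch and the old plugin branch always fell back to an `en.xml`; an explicit fallback or an explicit error would keep a rejected value distinguishable from a plugin that simply has no translations. The regex allowlist itself is the right fix for the `..` and `%00` traversal described above, and `$lang` is validated before it is reused in the plugin path.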
References
- archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.html (nvd; Broken Link; Exploit)
- archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.html (nvd; Broken Link; Exploit)
- secunia.com/advisories/20939 (nvd; Broken Link; Vendor Advisory)
- securitytracker.com/id (nvd; Broken Link; Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/18868 (nvd; Broken Link; Third Party Advisory, VDB Entry)
- www.vupen.com/english/advisories/2006/2668 (nvd; Broken Link; Permissions Required, Third Party Advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/27527 (nvd; Third Party Advisory, VDB Entry; WEB)
- github.com/advisories/GHSA-2wxv-3g4v-p76p (nvd; Third Party Advisory; ADVISORY)
- github.com/phpsysinfo/phpsysinfo/issues/368 (nvd; Issue Tracking, Third Party Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2006-3360 (ghsa; ADVISORY)
- www.osvdb.org/27015 (nvd; Broken Link)
- github.com/phpsysinfo/phpsysinfo/commit/60b5bbb5d1cc17f44050e99a3e746f55a4fd4e18 (ghsa; WEB)
- github.com/phpsysinfo/phpsysinfo/issues/107 (ghsa; WEB)