Unrated severityNVD Advisory· Published Jul 6, 2006· Updated Apr 16, 2026

CVE-2006-3392

Description

Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.

Affected products

Usermin/Usermin
cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*
Range: <=1.210
Webmin/Webmin
cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
Range: <=1.2.80

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20892nvdPatchVendor Advisory
secunia.com/advisories/21365nvdPatchVendor Advisory
www.osvdb.org/26772nvdPatch
secunia.com/advisories/21105nvdVendor Advisory
secunia.com/advisories/22556nvdVendor Advisory
www.vupen.com/english/advisories/2006/2612nvdVendor Advisory
www.kb.cert.org/vuls/id/999601nvdUS Government Resource
attrition.org/pipermail/vim/2006-July/000923.htmlnvd
attrition.org/pipermail/vim/2006-June/000912.htmlnvd
security.gentoo.org/glsa/glsa-200608-11.xmlnvd
www.debian.org/security/2006/dsa-1199nvd
www.mandriva.com/security/advisoriesnvd
www.securityfocus.com/archive/1/439653/100/0/threadednvd
www.securityfocus.com/archive/1/440125/100/0/threadednvd
www.securityfocus.com/archive/1/440466/100/0/threadednvd
www.securityfocus.com/archive/1/440493/100/0/threadednvd
www.securityfocus.com/bid/18744nvd
www.webmin.com/changes.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.063
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000