VYPR
Unrated severityNVD Advisory· Published Dec 6, 2006· Updated Jun 16, 2026

CVE-2006-6112

CVE-2006-6112

Description

LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.

Affected products

8
  • Lifetype/Lifetype8 versions
    cpe:2.3:a:lifetype:lifetype:1.0.2:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:lifetype:lifetype:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:lifetype:lifetype:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:lifetype:lifetype:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:lifetype:lifetype:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:lifetype:lifetype:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:lifetype:lifetype:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:lifetype:lifetype:1.1.2:*:*:*:*:*:*:*
    • (no CPE)range: 1.0.x, 1.1.x

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.