Unrated severityNVD Advisory· Published Dec 4, 2006· Updated Apr 23, 2026

CVE-2006-6254

Description

administration/telecharger.php in Cahier de texte 2.0 allows remote attackers to obtain unparsed content (source code) of files via the chemin parameter, as demonstrated using directory traversal sequences to obtain the MySQL username and password from conn_cahier_de_texte.php. NOTE: it is not clear whether the scope of this issue extends above the web document root, and whether directory traversal is the primary vulnerability.

Affected products

Cahier De Textes/Cahier De Textes2 versions
cpe:2.3:a:cahier_de_textes:cahier_de_textes:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cahier_de_textes:cahier_de_textes:*:*:*:*:*:*:*:*range: <=2.2
- cpe:2.3:a:cahier_de_textes:cahier_de_textes:2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

acid-root.new.fr/poc/15061124.txtnvdExploit
secunia.com/advisories/23122nvdExploitVendor Advisory
www.securityfocus.com/bid/21283nvdExploit
securityreason.com/securityalert/1961nvd
www.securityfocus.com/archive/1/452600/100/0/threadednvd
www.vupen.com/english/advisories/2006/4701nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000