Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-02-23T23:00:00

Updated: 2024-08-07T16:48:56.932Z

Reserved: 2006-02-23T00:00:00

Link: CVE-2006-0869

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-02-23T23:02:00.000

Modified: 2024-11-21T00:07:31.470

Link: CVE-2006-0869

cve-icon Redhat

No data.