CVE Daily

CVE-2006-3934

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms ...

Medium CVSS 4.0

Overview

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.

CWE: CWE-22 Published: 2006-07-31T22:04:00.000
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 4.0 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags