CVE-2006-3360: phpSysInfo allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence
5
CVSS Score
Basic Information
CVE ID
GHSA ID
EPSS Score
0.91513%
CWE
Published
5/1/2022
Updated
3/30/2023
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
phpsysinfo/phpsysinfo | composer | < 3.2.5 | 3.2.5 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from how the 'lang' parameter was processed. The pre-patch code used basename($GET['lang']) to sanitize input, but PHP's basename() is ineffective against null-byte injection (e.g., '../../etc/passwd%00' becomes '../../etc/passwd' after URL decoding, and the null byte truncates the string internally). When combined with file_exists(), this allowed checking for files outside the intended directory. The patch replaced this flawed sanitization with a regex filter ([A-Za-z-]), confirming the original functions were the vulnerability source.