CVE-2006-3934

N/A Unknown

Published: July 31, 2006 Modified: April 16, 2026

Description

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt

Source: cve@mitre.org

Exploit Patch

http://secunia.com/advisories/21193

Source: cve@mitre.org

Exploit Patch Vendor Advisory

http://securityreason.com/securityalert/1302

Source: cve@mitre.org

http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip

Source: cve@mitre.org

Patch

http://www.opencms.org/opencms/en/shownews.html?id=1002

Source: cve@mitre.org

Patch

http://www.securityfocus.com/archive/1/441182/100/0/threaded

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/28000

Source: cve@mitre.org

http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt