CVE-2010-3606

Published: Sep 24, 2010Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) folder and (2) action parameters.

Affected (1)

Products: Netartmedia: Real Estate Portal

1 product

Real Estate Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Netartmedia Real Estate Portal	Version 2.0

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (10)

http://osvdb.org/68062

Source: cve@mitre.org

http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html

Source: cve@mitre.org

http://secunia.com/advisories/41377

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/43266

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/61867

Source: cve@mitre.org

http://osvdb.org/68062

Source: af854a3a-2127-422b-91ae-364da2661108

http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/41377

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/43266

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/61867

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.