index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. NOTE: this issue might be resultant from a more serious issue such as directory traversal.
Conclusion & alert: CVE-2006-2535 is rated Moderate Risk (48.7/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.75%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-06-15 | 1.69% | 1.75% | +0.07% |
| 2 | 2025-03-30 | 1.88% | 1.69% | -0.20% |
| 3 | 2025-03-29 | — | 1.88% | — |
Full EPSS history (9 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.0 | 2.0 | MEDIUM |
|
10.0 | 2.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| greg_donald | destiney_links_script | 2.1.2 | cpe:2.3:a:greg_donald:destiney_links_script:2.1.2:*:*:*:*:*:*:* |