CVE-2006-2633

Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter.

Published: 2006-05-30 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2006-2633 is rated Low Risk (36.8/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.43%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2006-2633

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-03-30	0.45%	0.43%	-0.02%
2	2025-03-29	0.43%	0.45%	+0.02%
3	2025-03-17	—	0.43%	—

Full EPSS history (5 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-2633

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.0	2.0	MEDIUM	`AV:N/AC:L/Au:S/C:N/I:P/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:S) A single authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:N) No availability impact.	8.0	2.9	[email protected]

Weakness enumeration for CVE-2006-2633

Affected software / configurations for CVE-2006-2633

Vendor	Product	Version	Raw CPE
andrew_godwin	bytehoard	2.0.0	cpe:2.3:a:andrew_godwin:bytehoard:2.0.0:::::::*
andrew_godwin	bytehoard	2.0.1	cpe:2.3:a:andrew_godwin:bytehoard:2.0.1:::::::*
andrew_godwin	bytehoard	2.0.2	cpe:2.3:a:andrew_godwin:bytehoard:2.0.2:::::::*
andrew_godwin	bytehoard	2.0.3	cpe:2.3:a:andrew_godwin:bytehoard:2.0.3:::::::*
andrew_godwin	bytehoard	2.0.4	cpe:2.3:a:andrew_godwin:bytehoard:2.0.4:::::::*
andrew_godwin	bytehoard	2.0.5	cpe:2.3:a:andrew_godwin:bytehoard:2.0.5:::::::*
andrew_godwin	bytehoard	2.0_beta1	cpe:2.3:a:andrew_godwin:bytehoard:2.0_beta1:::::::*
andrew_godwin	bytehoard	2.0_beta2	cpe:2.3:a:andrew_godwin:bytehoard:2.0_beta2:::::::*
andrew_godwin	bytehoard	2.1_alpha	cpe:2.3:a:andrew_godwin:bytehoard:2.1_alpha:::::::*
andrew_godwin	bytehoard	2.1_beta	cpe:2.3:a:andrew_godwin:bytehoard:2.1_beta:::::::*
andrew_godwin	bytehoard	2.1_delta	cpe:2.3:a:andrew_godwin:bytehoard:2.1_delta:::::::*
andrew_godwin	bytehoard	2.1_gamma	cpe:2.3:a:andrew_godwin:bytehoard:2.1_gamma:::::::*

References for CVE-2006-2633

URL	Tags
http://secunia.com/advisories/20304	Patch Vendor Advisory
http://securityreason.com/securityalert/968
http://sourceforge.net/forum/forum.php?forum_id=576219
http://sourceforge.net/project/shownotes.php?release_id=420549&group_id=90199	Patch
http://www.securityfocus.com/archive/1/435135/100/0/threaded
http://www.securityfocus.com/bid/18139	Patch
http://www.vupen.com/english/advisories/2006/2033
https://exchange.xforce.ibmcloud.com/vulnerabilities/26705

cvelogic Threat Intelligence