7.5

CVE-2006-0695

Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AnsiloveAnsilove Version1.01
AnsiloveAnsilove Version1.02
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.7% 0.84
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/18810
Patch
Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=392826
Patch
http://www.securityfocus.com/bid/16603
http://www.vupen.com/english/advisories/2006/0536
https://exchange.xforce.ibmcloud.com/vulnerabilities/24684