5

CVE-2006-0922

CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DevellionCubecart Version3.0.0_alpha
DevellionCubecart Version3.0.0_alpha-2
DevellionCubecart Version3.0.0_alpha-rgf
DevellionCubecart Version3.0.0_beta
DevellionCubecart Version3.0.0_final
DevellionCubecart Version3.0.1
DevellionCubecart Version3.0.2
DevellionCubecart Version3.0.3
DevellionCubecart Version3.0.4
DevellionCubecart Version3.0.5
DevellionCubecart Version3.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.96% 0.94
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://securityreason.com/securityalert/482
http://www.cubecart.com/site/forums/index.php?showtopic=14704
http://www.cubecart.com/site/forums/index.php?showtopic=14817
http://www.cubecart.com/site/forums/index.php?showtopic=14825
Patch
http://www.cubecart.com/site/forums/index.php?showtopic=14960
http://www.cubecart.com/site/forums/index.php?showtopic=14972
Patch
http://www.nsag.ru/vuln/892.html
http://www.securityfocus.com/archive/1/425931/100/0/threaded
http://www.securityfocus.com/bid/16796
https://exchange.xforce.ibmcloud.com/vulnerabilities/24883