CVE-2006-1371

Exploit

EPSS 8.85%
Veröffentlicht 23.03.2006 23:06:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xhp ≫ Cms Version <= 0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	8.85%	0.922

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://secunia.com/advisories/19353

Patch

Vendor Advisory

Exploit

http://www.attrition.org/pipermail/vim/2006-March/000649.html

http://www.osvdb.org/24058

http://www.osvdb.org/24059

http://www.securityfocus.com/bid/17209

http://www.vupen.com/english/advisories/2006/1052

Vendor Advisory

http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10

https://exchange.xforce.ibmcloud.com/vulnerabilities/25399

https://www.exploit-db.com/exploits/1605

https://nvd.nist.gov/vuln/detail/CVE-2006-1371

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1371

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1371

EUVD