6.4
CVE-2006-2330
- EPSS 11.47%
- Published 12.05.2006 00:02:00
- Last modified 03.04.2025 01:03:51
- Source cve@mitre.org
PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
Data is provided by the National Vulnerability Database (NVD)
Php Fusion ≫ Php Fusion Version 6.00.3
Php Fusion ≫ Php Fusion Version 6.00.105
Php Fusion ≫ Php Fusion Version 6.00.106
Php Fusion ≫ Php Fusion Version 6.00.107
Php Fusion ≫ Php Fusion Version 6.00.109
Php Fusion ≫ Php Fusion Version 6.00.110
Php Fusion ≫ Php Fusion Version 6.00.204
Php Fusion ≫ Php Fusion Version 6.00.206
Php Fusion ≫ Php Fusion Version 6.00.303
Php Fusion ≫ Php Fusion Version 6.00.304
Php Fusion ≫ Php Fusion Version 6.00.306
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 11.47% | 0.933 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.4 | 10 | 4.9 | AV:N/AC:L/Au:N/C:P/I:P/A:N |