6.4

CVE-2006-2330

Exploit

EPSS 11.47%
Veröffentlicht 12.05.2006 00:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Php Fusion ≫ Php Fusion Version6.00.3

Php Fusion ≫ Php Fusion Version6.00.105

Php Fusion ≫ Php Fusion Version6.00.106

Php Fusion ≫ Php Fusion Version6.00.107

Php Fusion ≫ Php Fusion Version6.00.109

Php Fusion ≫ Php Fusion Version6.00.110

Php Fusion ≫ Php Fusion Version6.00.204

Php Fusion ≫ Php Fusion Version6.00.206

Php Fusion ≫ Php Fusion Version6.00.303

Php Fusion ≫ Php Fusion Version6.00.304

Php Fusion ≫ Php Fusion Version6.00.306

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	11.47%	0.933

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://secunia.com/advisories/19992

Patch

Vendor Advisory

http://securityreason.com/securityalert/873

http://www.osvdb.org/25537

http://www.php-fusion.co.uk/news.php

Patch

http://www.securityfocus.com/archive/1/433277/100/0/threaded

http://www.securityfocus.com/bid/17898

Exploit

http://www.vupen.com/english/advisories/2006/1735

https://exchange.xforce.ibmcloud.com/vulnerabilities/26388

https://nvd.nist.gov/vuln/detail/CVE-2006-2330

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2330

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2330

EUVD