7.1

CVE-2006-3015

Exploit
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WinSCPWinSCP Version3.8.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.34% 0.927
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 4.9 9.2
AV:N/AC:H/Au:N/C:C/I:C/A:N
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html
Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html
Exploit
Broken Link
http://secunia.com/advisories/20575
Vendor Advisory
Broken Link
http://winscp.net/eng/docs/history#3.8.2
Release Notes
http://www.kb.cert.org/vuls/id/912588
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/18384
Third Party Advisory
Exploit
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2006/2289
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/27075
Third Party Advisory
VDB Entry