7.1
CVE-2006-3015
- EPSS 6.34%
- Veröffentlicht 14.06.2006 15:06:00
- Zuletzt bearbeitet 16.06.2026 22:26:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.34% | 0.927 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 4.9 | 9.2 |
AV:N/AC:H/Au:N/C:C/I:C/A:N
|
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html
http://secunia.com/advisories/20575
http://winscp.net/eng/docs/history#3.8.2
http://www.kb.cert.org/vuls/id/912588
http://www.securityfocus.com/bid/18384
http://www.vupen.com/english/advisories/2006/2289
https://exchange.xforce.ibmcloud.com/vulnerabilities/27075