CVE-2006-7070

Exploit

EPSS 14.46%
Veröffentlicht 02.03.2007 21:18:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Etomite ≫ Etomite Version <= 0.6.1

Etomite ≫ Etomite Version0.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	14.46%	0.941

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://retrogod.altervista.org/etomite_061_cmd.html

Exploit

http://secunia.com/advisories/21208

Patch

Vendor Advisory

http://securityreason.com/securityalert/2326

http://securitytracker.com/id?1016593

Vendor Advisory

http://www.etomite.org/forums/index.php?showtopic=5757&st=0&p=35605&#entry35605

Patch

http://www.osvdb.org/27543

http://www.securityfocus.com/archive/1/441202/100/0/threaded