CVE-2006-3336

Sažetak

TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory.

Reference

http://secunia.com/advisories/20992
http://securitytracker.com/id?1016458
http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads
http://www.securityfocus.com/bid/18854
http://www.vupen.com/english/advisories/2006/2677

CVSS

Base:	4.0
Impact:	4.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

08-03-2011 - 02:38

Objavljeno

05-07-2006 - 20:05