CVE-2006-4558

Sažetak

DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.

Reference

http://archives.neohapsis.com/archives/bugtraq/2006-05/0318.html
http://retrogod.altervista.org/deluxebb_106_xpl.html
http://secunia.com/advisories/20135
http://securityreason.com/securityalert/1492
http://www.vupen.com/english/advisories/2006/1843
https://exchange.xforce.ibmcloud.com/vulnerabilities/26485

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

26-01-2024 - 19:02

Objavljeno

06-09-2006 - 00:04