Описание
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-0169
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24070
- http://evuln.com/vulns/23/summary.html
- http://secunia.com/advisories/18399
- http://www.securityfocus.com/archive/1/421626/100/0/threaded
- http://www.securityfocus.com/bid/16208
- http://www.vupen.com/english/advisories/2006/0147
EPSS
Процентиль: 80%
0.01414
Низкий
CVE ID
Связанные уязвимости
nvd
около 20 лет назад
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.
EPSS
Процентиль: 80%
0.01414
Низкий