CVE-2006-0922

Опубликовано: 28 фев. 2006

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:devellion:cubecart:3.0.0_alpha:*:*:*:*:*:*:*

cpe:2.3:a:devellion:cubecart:3.0.0_alpha-2:*:*:*:*:*:*:*

cpe:2.3:a:devellion:cubecart:3.0.0_alpha-rgf:*:*:*:*:*:*:*

cpe:2.3:a:devellion:cubecart:3.0.0_beta:*:*:*:*:*:*:*

cpe:2.3:a:devellion:cubecart:3.0.0_final:*:*:*:*:*:*:*

cpe:2.3:a:devellion:cubecart:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:devellion:cubecart:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:devellion:cubecart:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:devellion:cubecart:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:devellion:cubecart:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:devellion:cubecart:3.0.6:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.10821

Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-frjw-hc7c-8r47

github

почти 4 года назад