CVE-2006-3676

Опубликовано: 24 июл. 2006

Источник: nvd

CVSS2: 5.1

EPSS Низкий

Описание

admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types.

Ссылки

http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0434.html
http://secunia.com/advisories/21099
Exploit
Patch
Vendor Advisory
http://securityreason.com/securityalert/1268
http://www.osvdb.org/27417
http://www.redteam-pentesting.de/advisories/rt-sa-2006-006.txt
Exploit
Vendor Advisory
http://www.securityfocus.com/archive/1/440643/100/0/threaded
http://www.securityfocus.com/bid/19091
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/27858
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0434.html
http://secunia.com/advisories/21099
Exploit
Patch
Vendor Advisory
http://securityreason.com/securityalert/1268
http://www.osvdb.org/27417
http://www.redteam-pentesting.de/advisories/rt-sa-2006-006.txt
Exploit
Vendor Advisory
http://www.securityfocus.com/archive/1/440643/100/0/threaded
http://www.securityfocus.com/bid/19091
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/27858

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:planet_concept:planetgallery:*:*:*:*:*:*:*:*

Версия до 2006-05-22 (включая)

EPSS

Процентиль: 73%

0.00746

Низкий

5.1 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-m87j-vgcj-h3gf

github

почти 4 года назад