exploitDog

CVE-2006-4859

Опубликовано: 19 сент. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:limbo_cms:limbo_cms:1.0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:limbo_cms:limbo_cms:1.0.4.2:*:*:*:*:*:*:*

cpe:2.3:a:limbo_cms:limbo_cms:1.0.4.2l:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01001

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-crg7-c4x5-jq8x

github

почти 4 года назад

Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.

EPSS

Процентиль: 77%

0.01001

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other