Lucene search

MitreCVE-2006-0169

HistoryJan 11, 2006 - 9:03 p.m.

CVE-2006-0169

2006-01-1121:03:00

mitre

web.nvd.nist.gov

myphpim

remote code execution

file upload vulnerability

cve-2006-0169

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.019

Percentile

88.5%

JSON

addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.

Affected configurations

Nvd

Node

myphpimmyphpimMatch01.05

VendorProductVersionCPE
myphpimmyphpim01.05cpe:2.3:a:myphpim:myphpim:01.05:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
myphpim	myphpim	01.05	cpe:2.3:a:myphpim:myphpim:01.05:::::::*

References

evuln.com/vulns/23/summary.html

secunia.com/advisories/18399

www.securityfocus.com/archive/1/421626/100/0/threaded

www.securityfocus.com/bid/16208

www.vupen.com/english/advisories/2006/0147

exchange.xforce.ibmcloud.com/vulnerabilities/24070

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.019

Percentile

88.5%

JSON

Related for CVE-2006-0169