Lucene search

[email protected]CVE-2006-0936

HistoryFeb 28, 2006 - 11:02 a.m.

CVE-2006-0936

2006-02-2811:02:00

[email protected]

web.nvd.nist.gov

cve-2006-0936

free host shop

website generator

remote authentication

arbitrary file upload

security vulnerability

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.3%

JSON

Free Host Shop Website Generator 3.3 allows remote authenticated users with administrative privileges to upload and execute arbitrary files via a formname parameter with a filename containing a dangerous file extension and a trailing %00.

Affected configurations

NVD

Node

free_host_shopwebsite_generatorMatch3.3

CPENameOperatorVersion
free_host_shop:website_generatorfree host shop website generatoreq3.3

CPE	Name	Operator	Version
free_host_shop:website_generator	free host shop website generator	eq	3.3

References

nsag.ru/vuln/894.html

secunia.com/advisories/19014

www.securityfocus.com/archive/1/426077/100/0/threaded

www.securityfocus.com/bid/16823

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.3%

JSON

Related for CVE-2006-0936

prion1 nvd1 cvelist1