Lucene search

[email protected]CVE-2006-1208

HistoryMar 14, 2006 - 1:06 a.m.

CVE-2006-1208

2006-03-1401:06:00

[email protected]

web.nvd.nist.gov

cve-2006-1208

sergey korostel

php upload center

remote code execution

php.li extension

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

JSON

Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory.

Affected configurations

NVD

Node

sergey_korostelphp_upload_center

CPENameOperatorVersion
sergey_korostel:php_upload_centersergey korostel php upload centereq*

CPE	Name	Operator	Version
sergey_korostel:php_upload_center	sergey korostel php upload center	eq	*

References

biyosecurity.be/bugs/phpuploadcenter2.txt

secunia.com/advisories/19107

securityreason.com/securityalert/564

www.blogcu.com/Liz0ziM/317250/

www.osvdb.org/23626

www.scripts-by.net/PHP/File-Manipulation/php-upload-center.html

www.securityfocus.com/archive/1/427215/100/0/threaded

www.vupen.com/english/advisories/2006/0817

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

JSON

Related for CVE-2006-1208

cvelist1 nvd1 prion1