Lucene search

[email protected]CVE-2006-1371

HistoryMar 23, 2006 - 11:06 p.m.

CVE-2006-1371

2006-03-2323:06:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2006-1371

laurentiu matei

xhp cms

htmlarea filemanager

php

file upload vulnerability

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.032 Low

EPSS

Percentile

91.2%

JSON

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.

Affected configurations

NVD

Node

xhpcmsRange≤0.5

CPENameOperatorVersion
xhp:cmsxhp cmsle0.5

CPE	Name	Operator	Version
xhp:cms	xhp cms	le	0.5

References

secunia.com/advisories/19353

www.attrition.org/pipermail/vim/2006-March/000649.html

www.osvdb.org/24058

www.osvdb.org/24059

www.securityfocus.com/bid/17209

www.vupen.com/english/advisories/2006/1052

xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10

exchange.xforce.ibmcloud.com/vulnerabilities/25399

www.exploit-db.com/exploits/1605

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.032 Low

EPSS

Percentile

91.2%

JSON

Related for CVE-2006-1371

openvas2 nvd1 prion1 cvelist1