Lucene search

[email protected]CVE-2006-2695

HistoryMay 31, 2006 - 10:06 a.m.

CVE-2006-2695

2006-05-3110:06:00

[email protected]

web.nvd.nist.gov

cve-2006-2695

dgnews

remote code execution

file upload vulnerability

security

nvd

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

JSON

admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory.

Affected configurations

NVD

Node

dgnewsdgnewsRange≤1.5

CPENameOperatorVersion
dgnews:dgnewsdgnewsle1.5

CPE	Name	Operator	Version
dgnews:dgnews	dgnews	le	1.5

References

pridels0.blogspot.com/2006/05/dgnews-v-15-file-upload-vuln.html

secunia.com/advisories/20340

securitytracker.com/id?1016174

www.vupen.com/english/advisories/2006/2054

exchange.xforce.ibmcloud.com/vulnerabilities/26790

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

JSON

Related for CVE-2006-2695

nvd1 cvelist1 prion1