Lucene search

K
cve[email protected]CVE-2006-2695
HistoryMay 31, 2006 - 10:06 a.m.

CVE-2006-2695

2006-05-3110:06:00
web.nvd.nist.gov
19
cve-2006-2695
dgnews
remote code execution
file upload vulnerability
security
nvd

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory.

Affected configurations

NVD
Node
dgnewsdgnewsRange1.5
CPENameOperatorVersion
dgnews:dgnewsdgnewsle1.5

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

Related for CVE-2006-2695