Lucene search

[email protected]CVE-2006-2931

HistoryJun 21, 2006 - 7:02 p.m.

CVE-2006-2931

2006-06-2119:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cms mundo

image verification

remote code execution

security vulnerability

cve-2006-2931

7.8 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.8%

JSON

CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files.

CPENameOperatorVersion
hotwebscripts:cms_mundohotwebscripts cms mundoeq1.0
hotwebscripts:cms_mundohotwebscripts cms mundoeq1.0_build_007

CPE	Name	Operator	Version
hotwebscripts:cms_mundo	hotwebscripts cms mundo	eq	1.0
hotwebscripts:cms_mundo	hotwebscripts cms mundo	eq	1.0_build_007

References

secunia.com/advisories/20362

secunia.com/secunia_research/2006-43/advisory/

securitytracker.com/id?1016311

www.osvdb.org/26465

www.securityfocus.com/archive/1/437183/100/200/threaded

www.vupen.com/english/advisories/2006/2348

exchange.xforce.ibmcloud.com/vulnerabilities/27094

7.8 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.8%

JSON

Related for CVE-2006-2931

prion1 securityvulns1