CVE-2006-3102

🗓️ 21 Jun 2006 01:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 44 Views🌐 WEB

Race condition in Bitweaver 1.3 allows remote attackers to execute arbitrary PHP code

Reporter	Title	Published	Views	Family All 3
Cvelist	CVE-2006-3102	21 Jun 200601:00	–	cvelist
EUVD	EUVD-2006-3099	7 Oct 202500:30	–	euvd
NVD	CVE-2006-3102	21 Jun 200601:02	–	nvd

NVD

Node

bitweaver bitweaverMatch1.3

Source	Link
securityfocus	www.securityfocus.com/archive/1/437491/100/0/threaded
sourceforge	www.sourceforge.net/project/shownotes.php
secunia	www.secunia.com/advisories/20695
retrogod	www.retrogod.altervista.org/bitweaver_13_xpl.html
vupen	www.vupen.com/english/advisories/2006/2405
bitweaver	www.bitweaver.org/articles/45
exploit-db	www.exploit-db.com/exploits/1918
securityreason	www.securityreason.com/securityalert/1115
osvdb	www.osvdb.org/26587
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/27215

Parameter	Position	Path	Description	CWE
file	request body	articles/BitArticle.php	Race condition allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via BitArticle.php on Bitweaver 1.3.	CWE-434
upload	request body	articles/BitArticle.php	Race condition allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via BitArticle.php on Bitweaver 1.3.	CWE-434
userfile	request body	articles/BitArticle.php	Race condition allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via BitArticle.php on Bitweaver 1.3.	CWE-434

16 Apr 2026 00:27Current

7.7High risk

Vulners AI Score7.7

CVSS 25.1

EPSS0.07803

cve-2006-3102 bitweaver apache mod_mime remote code execution race condition