CVE-2006-3128

2006-06-21T23:02:00
ID CVE-2006-3128
Type cve
Reporter cve@mitre.org
Modified 2018-10-18T16:46:00

Description

choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory.