Lucene search

[email protected]CVE-2006-3158

HistoryJun 22, 2006 - 10:06 p.m.

CVE-2006-3158

2006-06-2222:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3158

file upload

security bypass

remote code execution

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.126 Low

EPSS

Percentile

95.4%

JSON

index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action.

CPENameOperatorVersion
eduha_meeting:eduha_meetingeduha meetingeq*

CPE	Name	Operator	Version
eduha_meeting:eduha_meeting	eduha meeting	eq	*

References

secunia.com/advisories/20731

www.biyosecurity.be/bugs/meeting.txt

www.osvdb.org/26627

www.securityfocus.com/archive/1/437992/100/0/threaded

www.securityfocus.com/bid/18499

www.vupen.com/english/advisories/2006/2428

exchange.xforce.ibmcloud.com/vulnerabilities/27296

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.126 Low

EPSS

Percentile

95.4%

JSON