Lucene search

[email protected]CVE-2006-6511

HistoryDec 14, 2006 - 12:28 a.m.

CVE-2006-6511

2006-12-1400:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-6511

dadaimc

remote code execution

.htaccess

filesmatch directive

php code

nvd

8.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.2%

JSON

dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php).

CPENameOperatorVersion
dadaimc:dadaimcdadaimcle0.99.3

CPE	Name	Operator	Version
dadaimc:dadaimc	dadaimc	le	0.99.3

References

bugs.dadaimc.org/view.php?id=191

secunia.com/advisories/23305

www.vupen.com/english/advisories/2006/4977

exchange.xforce.ibmcloud.com/vulnerabilities/30862

8.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.2%

JSON