CVE-2006-0169

2006-01-1121:00:00

mitre

www.cve.org

AI Score

7.6

Confidence

High

EPSS

0.019

Percentile

88.5%

JSON

addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.

References

evuln.com/vulns/23/summary.html

secunia.com/advisories/18399

www.securityfocus.com/archive/1/421626/100/0/threaded

www.securityfocus.com/bid/16208

www.vupen.com/english/advisories/2006/0147

exchange.xforce.ibmcloud.com/vulnerabilities/24070