CVE-2006-0695

2006-02-1511:00:00

mitre

www.cve.org

7.7 High

AI Score

Confidence

Low

0.05 Low

EPSS

Percentile

92.9%

JSON

Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory.

References

secunia.com/advisories/18810

sourceforge.net/project/shownotes.php?release_id=392826

www.securityfocus.com/bid/16603

www.vupen.com/english/advisories/2006/0536

exchange.xforce.ibmcloud.com/vulnerabilities/24684