Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2006-0922
HistoryFeb 28, 2006 - 11:00 a.m.

CVE-2006-0922

2006-02-2811:00:00
mitre
www.cve.org

6.8 Medium

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.1%

JSON

CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php.

Related

nvd 1
nessus 1
cve 1
prion 1
nvd
nvd
CVE-2006-0922
2006-02-28 11:02:00
nessus
nessus
CubeCart FCKeditor connector.php Arbitrary File Upload
2006-04-05 00:00:00
cve
cve
CVE-2006-0922
2006-02-28 11:02:00
prion
prion
Path traversal
2006-02-28 11:02:00

6.8 Medium

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.1%

JSON
Related for CVELIST:CVE-2006-0922
nvd1nessus1cve1prion1