Lucene search

[email protected]NVD:CVE-2006-0169

HistoryJan 11, 2006 - 9:03 p.m.

CVE-2006-0169

2006-01-1121:03:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.019

Percentile

88.5%

JSON

addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.

Affected configurations

Nvd

Node

myphpimmyphpimMatch01.05

VendorProductVersionCPE
myphpimmyphpim01.05cpe:2.3:a:myphpim:myphpim:01.05:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
myphpim	myphpim	01.05	cpe:2.3:a:myphpim:myphpim:01.05:::::::*

References

evuln.com/vulns/23/summary.html

secunia.com/advisories/18399

www.securityfocus.com/archive/1/421626/100/0/threaded

www.securityfocus.com/bid/16208

www.vupen.com/english/advisories/2006/0147

exchange.xforce.ibmcloud.com/vulnerabilities/24070

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.019

Percentile

88.5%

JSON

Related for NVD:CVE-2006-0169

cvelist1 prion1 cve1