Lucene search

[email protected]NVD:CVE-2006-1363

HistoryMar 23, 2006 - 11:06 a.m.

CVE-2006-1363

2006-03-2311:06:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.042

Percentile

92.3%

JSON

images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file.

Affected configurations

Nvd

Node

justin_whitefreewpsMatch2.11

VendorProductVersionCPE
justin_whitefreewps2.11cpe:2.3:a:justin_white:freewps:2.11:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
justin_white	freewps	2.11	cpe:2.3:a:justin_white:freewps:2.11:::::::*

References

secunia.com/advisories/19343

www.vupen.com/english/advisories/2006/1038

exchange.xforce.ibmcloud.com/vulnerabilities/25377

www.exploit-db.com/exploits/1600

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.042

Percentile

92.3%

JSON

Related for NVD:CVE-2006-1363

prion1 exploitdb1 cvelist1 cve1