9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
7.1 High
AI Score
Confidence
High
0.032 Low
EPSS
Percentile
91.2%
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.
secunia.com/advisories/19353
www.attrition.org/pipermail/vim/2006-March/000649.html
www.osvdb.org/24058
www.osvdb.org/24059
www.securityfocus.com/bid/17209
www.vupen.com/english/advisories/2006/1052
xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10
exchange.xforce.ibmcloud.com/vulnerabilities/25399
www.exploit-db.com/exploits/1605