Lucene search

[email protected]NVD:CVE-2006-3939

HistoryJul 31, 2006 - 10:04 p.m.

CVE-2006-3939

2006-07-3122:04:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.012

Percentile

84.9%

JSON

ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files.

Affected configurations

Nvd

Node

scriptscenterezupload_proMatch2.2

VendorProductVersionCPE
scriptscenterezupload_pro2.2cpe:2.3:a:scriptscenter:ezupload_pro:2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
scriptscenter	ezupload_pro	2.2	cpe:2.3:a:scriptscenter:ezupload_pro:2.2:::::::*

References

securityreason.com/securityalert/1305

www.securityfocus.com/archive/1/441172/100/0/threaded

www.securityfocus.com/bid/19175

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.012

Percentile

84.9%

JSON

Related for NVD:CVE-2006-3939

cvelist1 cve1