Directory traversal

2006-02-1511:06:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

Low

0.05 Low

EPSS

Percentile

92.9%

JSON

Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory.

CPENameOperatorVersion
ansiloveeq1.02
ansiloveeq1.01

CPE	Name	Operator	Version
	ansilove	eq	1.02
	ansilove	eq	1.01

References

secunia.com/advisories/18810

sourceforge.net/project/shownotes.php?release_id=392826

www.securityfocus.com/bid/16603

www.vupen.com/english/advisories/2006/0536

exchange.xforce.ibmcloud.com/vulnerabilities/24684