2 matches found
CVE-2006-3128
choosefile.php in easy-CMS 0.1.2, when modmime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories...
CVE-2006-3128
The CVE-2006-3128 issue affects easy-CMS 0.1.2 when mod_mime is active: the upload check does not restrict filenames with multiple extensions, enabling an attacker to upload a PHP file named with a GIF extension and then access it in the Repositories directory to achieve arbitrary PHP code execut...