2 matches found
CVE-2006-1208
CVE-2006-1208 affects the Sergey Korostel PHP Upload Center. The vulnerability allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory. The underlying cause is improper handling of uploaded f...
CVE-2006-1207
The CVE-2006-1207 issue affects PHP Upload Center. The vulnerability arises because password hashes are stored under the web root with insufficient access control, allowing remote attackers to download each password hash via a direct request to upload/users/[USERNAME]. The available documents des...