CVE-2006-3128

choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:S/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://biyosecurity.be/bugs/easycms.txt
http://secunia.com/advisories/20733	Vendor Advisory
http://securitytracker.com/id?1016335
http://www.osvdb.org/26633
http://www.securityfocus.com/archive/1/437705/100/0/threaded
http://www.securityfocus.com/bid/18496
http://www.vupen.com/english/advisories/2006/2419
https://exchange.xforce.ibmcloud.com/vulnerabilities/27281

Configurations

Configuration 1 (hide)

cpe:2.3:a:easy-cms:easy-cms:0.1.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-06-21 23:02

Updated : 2018-10-18 16:46

NVD link : CVE-2006-3128

Mitre link : CVE-2006-3128

CVE.ORG link : CVE-2006-3128

JSON object : View

Products Affected

easy-cms

easy-cms

CWE

NVD-CWE-Other

{"id": "CVE-2006-3128", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-06-21T23:02:00.000", "references": [{"url": "http://biyosecurity.be/bugs/easycms.txt", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20733", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016335", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/26633", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/437705/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18496", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2419", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27281", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory."}, {"lang": "es", "value": "choose_file.php en easy-CMS v0.1.2, cuando mod_mime es instalado, no restringe subida de ficheros con m\u00faltiples extensiones, lo que permite que atacantes remotos ejecuten c\u00f3digo PHP de su elecci\u00f3n actualizando un fichero PHP con una extensi\u00f3n GIF, despu\u00e9s accediendo directamente al fichero en el directorio Repositories."}], "lastModified": "2018-10-18T16:46:01.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:easy-cms:easy-cms:0.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A768EBF2-C137-4E87-8790-3B4FEBE2D73E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}