|
|
CVE Reference: CVE-2006-3336 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-3336 |
|
|
Description: TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory. |
|
|
CVE Status: Candidate |
|
|
References: ST 1016458 SAID Secunia Advisory: SA20992 CONFIRM http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads BID 18854 |
|
| Return to the previous page. |
