|
|
CVE Reference: CVE-2006-7070 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-7070 |
|
|
Description: Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/27947 ST 1016593 SREASON http://securityreason.com/securityalert/2326 SAID Secunia Advisory: SA21208 OSVDB 27543 MISC http://retrogod.altervista.org/etomite_061_cmd.html MILW0RM http://www.milw0rm.com/exploits/2072 CONFIRM http://www.etomite.org/forums/index.php?showtopic=5757&st=0&p=35605&#entry35605 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/441202/100/0/threaded BID 19157 |
|
| Return to the previous page. |
