Vulnerability CVE-2006-0169


Published: 2006-01-11   Modified: 2012-02-12

Description:
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Myphpim -> Myphpim 

 References:
http://evuln.com/vulns/23/summary.html
http://www.securityfocus.com/archive/1/421626/100/0/threaded
http://www.securityfocus.com/bid/16208
http://www.vupen.com/english/advisories/2006/0147
https://exchange.xforce.ibmcloud.com/vulnerabilities/24070

Copyright 2024, cxsecurity.com

 

Back to Top