Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0169

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0169
Last Modified 07 Mar 2011 09:29:28
Published 11 Jan 2006 04:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0169

Summary

addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.

Vulnerable Systems

Application

  • Myphpim 01.05


References

XF - myphpim-addresses-file-upload(24070)

VUPEN - ADV-2006-0147

BID - 16208

BUGTRAQ - 20060111 [eVuln] MyPhPim Arbitrary File Upload

SECUNIA - 18399

MISC - http://evuln.com/vulns/23/summary.html


Last Updated: 27 May 2016 10:41:34