Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1371

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2006-1371
Last Modified 07 Mar 2011 12:00:00
Published 23 Mar 2006 06:06:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-1371

Summary

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.

Vulnerable Systems

Application

  • Xhp Cms 0.5


References

SECUNIA - 19353

CONFIRM - http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10

XF - xhpcms-filemanager-file-upload(25399)

VUPEN - ADV-2006-1052

BID - 17209

OSVDB - 24059

OSVDB - 24058

MILW0RM - 1605

VIM - 20060324 XHP vendor ack/fix

XF - xhpcms-filemanager-file-include(25399)


Last Updated: 27 May 2016 10:40:45