Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2931

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2931
Last Modified 07 Mar 2011 09:37:19
Published 21 Jun 2006 03:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2931

Summary

CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files.

Vulnerable Systems

Application

  • Hotwebscripts Cms Mundo 1.0

  • Hotwebscripts Cms Mundo 1.0 Build 007


References

VUPEN - ADV-2006-2348

SECTRACK - 1016311

MISC - http://secunia.com/secunia_research/2006-43/advisory/

XF - cmsmundo-php-file-upload(27094)

BUGTRAQ - 20060614 Secunia Research: CMS Mundo SQL Injection and File UploadVulnerabilities

OSVDB - 26465

SECUNIA - 20362


Last Updated: 27 May 2016 10:42:49