Lucene search
MitreCVE-2006-1363HistoryMar 23, 2006 - 11:06 a.m.
CVE-2006-1363
2006-03-2311:06:00
mitre
web.nvd.nist.gov
26
cve-2006-1363
remote code execution
freewps
php file upload
web publishing system
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.5
Confidence
High
EPSS
0.042
Percentile
92.3%
images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file.
Affected configurations
Node
justin_whitefreewpsMatch2.11
| Vendor | Product | Version | CPE |
|---|---|---|---|
| justin_white | freewps | 2.11 | cpe:2.3:a:justin_white:freewps:2.11:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
FreeWPS 2.11 - 'images.php' Remote Code Execution
2006-03-21 00:00:00
prion
prion
Design/Logic Flaw
2006-03-23 11:06:00
cvelist
cvelist
CVE-2006-1363
2006-03-23 11:00:00
nvd
nvd
CVE-2006-1363
2006-03-23 11:06:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.5
Confidence
High
EPSS
0.042
Percentile
92.3%
Related for CVE-2006-1363