Lucene search

[email protected]CVE-2006-2931

HistoryJun 21, 2006 - 7:02 p.m.

CVE-2006-2931

2006-06-2119:02:00

[email protected]

web.nvd.nist.gov

cms mundo

image verification

remote code execution

security vulnerability

cve-2006-2931

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

90.9%

JSON

CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files.

Affected configurations

NVD

Node

hotwebscriptscms_mundoMatch1.0

hotwebscriptscms_mundoMatch1.0_build_007

CPENameOperatorVersion
hotwebscripts:cms_mundohotwebscripts cms mundoeq1.0
hotwebscripts:cms_mundohotwebscripts cms mundoeq1.0_build_007

CPE	Name	Operator	Version
hotwebscripts:cms_mundo	hotwebscripts cms mundo	eq	1.0
hotwebscripts:cms_mundo	hotwebscripts cms mundo	eq	1.0_build_007

References

secunia.com/advisories/20362

secunia.com/secunia_research/2006-43/advisory/

securitytracker.com/id?1016311

www.osvdb.org/26465

www.securityfocus.com/archive/1/437183/100/200/threaded

www.vupen.com/english/advisories/2006/2348

exchange.xforce.ibmcloud.com/vulnerabilities/27094

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

90.9%

JSON

Related for CVE-2006-2931

nvd1 cvelist1 prion1 securityvulns1