cve / Mitre / CVE-2006-3676
History: Jul 24, 2006 - 12:19 p.m.

CVE-2006-3676


CVSS2: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)

Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AI Score: 7.7 (Confidence: High)

EPSS: 0.094 (Percentile: 94.7%)

admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types.

Affected configurations

Nvd

Node: planet_concept planetgallery, Range: 2006-05-22

Vendor: planet_concept
Product: planetgallery
Version: *
CPE: cpe:2.3:a:planet_concept:planetgallery:*:*:*:*:*:*:*:*
