CVE-2006-4977

2006-09-2501:00:00

mitre

www.cve.org

AI Score

7.4

Confidence

Low

EPSS

0.027

Percentile

90.5%

JSON

Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, © image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter.

References

secunia.com/advisories/22015

securityreason.com/securityalert/1627

www.morx.org/phpquiz.txt

www.securityfocus.com/archive/1/446315/100/0/threaded

www.securityfocus.com/bid/20065

www.vupen.com/english/advisories/2006/3693

exchange.xforce.ibmcloud.com/vulnerabilities/28995

www.exploit-db.com/exploits/2376