Vulnerabilities > CVE-2006-0702 - Multiple vulnerability in Imagevue 0.16.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, although it might be due to directory traversal.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | ImageVue 0.16.1 upload.php Unrestricted File Upload. CVE-2006-0702. Webapps exploit for php platform |
id | EDB-ID:27200 |
last seen | 2016-02-03 |
modified | 2006-02-11 |
published | 2006-02-11 |
reporter | zjieb |
source | https://www.exploit-db.com/download/27200/ |
title | ImageVue 0.16.1 upload.php Unrestricted File Upload |
Nessus
NASL family | CGI abuses |
NASL id | IMAGEVUE_162.NASL |
description | The remote host is running imageVue, a web-based photo gallery application written in PHP. The installed version of imageVue allows unauthenticated attackers to upload arbitrary files, including files containing code that can then be executed subject to the privileges of the web server user id. In addition, it is also reportedly affected by information disclosure and cross-site scripting vulnerabilities, although Nessus has not checked for those issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20991 |
published | 2006-03-03 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20991 |
title | imageVue < 16.2 admin/upload.php Unrestricted File Upload |