Vulnerabilities > CVE-2006-2695 - Remote Security vulnerability in Dgnews

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

dgnews

NVD

Published: 2006-05-31

Updated: 2017-07-20

Summary

admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory. Successful exploitation requires access to the administration section.

Vulnerable Configurations

Part	Description	Count
Application	Dgnews Dgnews Dgnews *	1

References

http://pridels0.blogspot.com/2006/05/dgnews-v-15-file-upload-vuln.html
http://secunia.com/advisories/20340
http://securitytracker.com/id?1016174
http://www.vupen.com/english/advisories/2006/2054
https://exchange.xforce.ibmcloud.com/vulnerabilities/26790