Vulnerabilities > CVE-2006-2931 - Arbitrary PHP Code Execution vulnerability in CMS Mundo
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
References
- http://secunia.com/advisories/20362
- http://secunia.com/secunia_research/2006-43/advisory/
- http://securitytracker.com/id?1016311
- http://www.osvdb.org/26465
- http://www.securityfocus.com/archive/1/437183/100/200/threaded
- http://www.vupen.com/english/advisories/2006/2348
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27094