Vulnerabilities > CVE-2006-3128 - Unspecified vulnerability in Easy-Cms 0.1.2

CVSS 4.6 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

easy-cms

NVD

Published: 2006-06-21

Updated: 2018-10-18

Summary

choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory.

Vulnerable Configurations

Part	Description	Count
Application	Easy-Cms Easy CMS Easy CMS 0.1.2	1

References

http://biyosecurity.be/bugs/easycms.txt
http://secunia.com/advisories/20733
http://securitytracker.com/id?1016335
http://www.osvdb.org/26633
http://www.securityfocus.com/archive/1/437705/100/0/threaded
http://www.securityfocus.com/bid/18496
http://www.vupen.com/english/advisories/2006/2419
https://exchange.xforce.ibmcloud.com/vulnerabilities/27281