Vulnerabilities > CVE-2006-4977 - Input Validation vulnerability in PHPQuiz
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | phpQuiz <= 0.1.2 Remote SQL Injection / Code Execution Exploit. CVE-2006-4865,CVE-2006-4977,CVE-2006-4978,CVE-2006-4979. Webapps exploit for php platform |
| file | exploits/php/webapps/2376.pl |
| id | EDB-ID:2376 |
| last seen | 2016-01-31 |
| modified | 2006-09-16 |
| platform | php |
| port | |
| published | 2006-09-16 |
| reporter | simo64 |
| source | https://www.exploit-db.com/download/2376/ |
| title | phpQuiz <= 0.1.2 - Remote SQL Injection / Code Execution Exploit |
| type | webapps |
References
- http://secunia.com/advisories/22015
- http://securityreason.com/securityalert/1627
- http://www.morx.org/phpquiz.txt
- http://www.securityfocus.com/archive/1/446315/100/0/threaded
- http://www.securityfocus.com/bid/20065
- http://www.vupen.com/english/advisories/2006/3693
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28995
- https://www.exploit-db.com/exploits/2376