Vulnerabilities > CVE-2006-6879 - Unspecified vulnerability in PHP-Update

047910
CVSS 6.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
php-update
exploit available

Summary

Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.

Vulnerable Configurations

Part Description Count
Application
Php-Update
1

Exploit-Db

  • descriptionPHP-Update <= 2.7 (admin/uploads.php) Remote Code Execution Exploit. CVE-2006-6878,CVE-2006-6879. Webapps exploit for php platform
    fileexploits/php/webapps/3020.pl
    idEDB-ID:3020
    last seen2016-01-31
    modified2006-12-26
    platformphp
    port
    published2006-12-26
    reporterundefined1_
    sourcehttps://www.exploit-db.com/download/3020/
    titlePHP-Update <= 2.7 admin/uploads.php Remote Code Execution Exploit
    typewebapps
  • descriptionPHP-Update <= 2.7 Multiple Remote Vulnerabilities Exploit. CVE-2006-6879,CVE-2006-6880. Webapps exploit for php platform
    fileexploits/php/webapps/3017.php
    idEDB-ID:3017
    last seen2016-01-31
    modified2006-12-26
    platformphp
    port
    published2006-12-26
    reporterrgod
    sourcehttps://www.exploit-db.com/download/3017/
    titlephp-update <= 2.7 - Multiple Vulnerabilities Exploit
    typewebapps