Vulnerabilities > CVE-2006-7134 - Arbitrary File Upload and Directory Traversal vulnerability in Noah Spurrier Upload Tool for PHP 1.0

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
noah-spurrier
critical

Summary

Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Successful exploitation requires valid user credentials.

Vulnerable Configurations

Part Description Count
Application
Noah_Spurrier
1