Vulnerability Details : CVE-2006-7070
Potential exploit
Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function.
Products affected by CVE-2006-7070
- cpe:2.3:a:etomite:etomite:*:*:*:*:*:*:*:*
- cpe:2.3:a:etomite:etomite:0.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-7070
- 19.06%: Probability of exploitation activity in the next 30 days
- ~95%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-7070
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2006-7070
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-7070
- http://securityreason.com/securityalert/2326
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27947
- http://www.securityfocus.com/archive/1/441202/100/0/threaded
- http://securitytracker.com/id?1016593 (Vendor Advisory)
- http://www.securityfocus.com/bid/19157 (Exploit; Vendor Advisory)
- https://www.exploit-db.com/exploits/2072
- http://www.osvdb.org/27543
- http://secunia.com/advisories/21208 (Patch; Vendor Advisory)
- http://www.etomite.org/forums/index.php?showtopic=5757&st=0&p=35605&#entry35605 (Patch)
- http://retrogod.altervista.org/etomite_061_cmd.html (Exploit)