Sergey Korostel Php Upload Center : Security vulnerabilities, CVEs

Copy

CVE-2006-6360

PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter.

Max CVSS

7.5

EPSS Score

14.44%

Published

2006-12-07

Updated

2017-10-19

CVE-2006-1208

Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory.

Max CVSS

7.5

EPSS Score

3.03%

Published

2006-03-14

Updated

2018-10-18

CVE-2006-1207

PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file.

Max CVSS

5.0

EPSS Score

0.86%

Published

2006-03-14

Updated

2018-10-18

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!