CVE-2006-0787

Published: 19/02/2006 Updated: 20/07/2017
CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9
VMScore: 405
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P

Vulnerability Summary

wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and previous versions, allows remote malicious users to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false information about songs, occupying excessive disk space with very long parameter values, and storing executable code that might be invoked through a different vulnerability. NOTE: since this issue, as described by the original researcher, is entirely dependent on the presence of another vulnerability, it could be argued that Wimpy cannot be responsible for how its data file is processed by applications outside of its control. Since this issue might only be useful as a facilitator manipulation in another vulnerability, perhaps it should not be included in CVE.
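A defender can look for the abuse described above in web server access logs. The following is an added example, not code from Plaino or from this advisory; it assumes a combined-format access log, a constructed install path, and a 256-character ceiling for legitimate tag values. It flags requests to wimpy_trackplays.php whose trackFile, trackArtist, or trackTitle values are oversized or carry script markers or control characters.

```python
import re
from urllib.parse import urlsplit, parse_qs

TRACK_PARAMS = ("trackFile", "trackArtist", "trackTitle")  # named in the CVE text
MAX_LEN = 256  # assumption: upper bound for a legitimate tag value
# Script openers, or control characters (incl. CR/LF, which would forge extra
# lines in trackme.txt). Tab is tolerated.
CODE_MARKERS = re.compile(r"<\?|<%|<script|[\x00-\x08\x0a-\x1f]", re.IGNORECASE)
# Request field of a combined-format log line. POST bodies are not logged,
# so only query-string values are visible to this check.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def inspect_line(line):
    """Return (param, reason) findings for one access log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/wimpy_trackplays.php"):
        return []
    findings = []
    query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    for name in TRACK_PARAMS:
        for value in query.get(name, []):
            if len(value) > MAX_LEN:
                findings.append((name, "oversized"))
            if CODE_MARKERS.search(value):
                findings.append((name, "code-or-control-chars"))
    return findings

def scan(lines):
    """Return [(line_index, findings)] for every line with at least one finding."""
    hits = [(i, inspect_line(line)) for i, line in enumerate(lines)]
    return [(i, f) for i, f in hits if f]

# Constructed sample log lines (not taken from the advisory).
PREFIX = '198.51.100.7 - - [19/Feb/2006:10:00:00 +0000] "GET /music/wimpy_trackplays.php?'
SAMPLE_LOG = [
    PREFIX + 'trackFile=a.mp3&trackArtist=Band&trackTitle=Song HTTP/1.1" 200 12',
    PREFIX + 'trackFile=a.mp3&trackArtist=' + "A" * 5000 + '&trackTitle=x HTTP/1.1" 200 12',
    PREFIX + 'trackFile=a.mp3&trackArtist=Band&trackTitle=%3C%3Fphp+echo+1%3B HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_LOG):
        print(index, findings)
```
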

Vulnerable Product

plaino wimpy mp3

Exploits

source: www.securityfocus.com/bid/16696/info

Wimpy MP3 is prone to a weakness that permits the overwriting of a text file with arbitrary attacker-supplied data. Successful exploitation of this issue may aid an attacker in further attacks. The following proof of concept URI is available: www.example.com/pathtowimpy/goodies/wimpy_tra ...