CVE-2006-0169

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-0169
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://evuln.com/vulns/23/summary.html Exploit
http://secunia.com/advisories/18399 Vendor Advisory
http://www.securityfocus.com/archive/1/421626/100/0/threaded
http://www.securityfocus.com/bid/16208
http://www.vupen.com/english/advisories/2006/0147
https://exchange.xforce.ibmcloud.com/vulnerabilities/24070
http://evuln.com/vulns/23/summary.html Exploit
http://secunia.com/advisories/18399 Vendor Advisory
http://www.securityfocus.com/archive/1/421626/100/0/threaded
http://www.securityfocus.com/bid/16208
http://www.vupen.com/english/advisories/2006/0147
https://exchange.xforce.ibmcloud.com/vulnerabilities/24070
Configurations

Configuration 1 (hide)

cpe:2.3:a:myphpim:myphpim:01.05:*:*:*:*:*:*:*
History

21 Nov 2024, 00:05

Type Values Removed Values Added
References () http://evuln.com/vulns/23/summary.html - Exploit () http://evuln.com/vulns/23/summary.html - Exploit
References () http://secunia.com/advisories/18399 - Vendor Advisory () http://secunia.com/advisories/18399 - Vendor Advisory
References () http://www.securityfocus.com/archive/1/421626/100/0/threaded - () http://www.securityfocus.com/archive/1/421626/100/0/threaded -
References () http://www.securityfocus.com/bid/16208 - () http://www.securityfocus.com/bid/16208 -
References () http://www.vupen.com/english/advisories/2006/0147 - () http://www.vupen.com/english/advisories/2006/0147 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/24070 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/24070 -
Information

Published : 2006-01-11 21:03

Updated : 2025-04-03 01:03

NVD link : CVE-2006-0169

Mitre link : CVE-2006-0169

CVE.ORG link : CVE-2006-0169

JSON object : View

Products Affected

myphpim

  • myphpim
CWE
NVD-CWE-Other