CVE-2006-6678

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-6678
The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://netrik.cvs.sourceforge.net/netrik/netrik/form-file.c?r1=1.3&r2=1.4
http://secunia.com/advisories/23822
http://sourceforge.net/project/shownotes.php?release_id=472131&group_id=23183 Patch
http://www.debian.org/security/2007/dsa-1251
http://www.securityfocus.com/bid/22158
http://www.vupen.com/english/advisories/2006/5092
http://netrik.cvs.sourceforge.net/netrik/netrik/form-file.c?r1=1.3&r2=1.4
http://secunia.com/advisories/23822
http://sourceforge.net/project/shownotes.php?release_id=472131&group_id=23183 Patch
http://www.debian.org/security/2007/dsa-1251
http://www.securityfocus.com/bid/22158
http://www.vupen.com/english/advisories/2006/5092
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:netrik:netrik:*:*:*:*:*:*:*:*
cpe:2.3:a:netrik:netrik:1.15.2:*:*:*:*:*:*:*
History

21 Nov 2024, 00:23

Type Values Removed Values Added
References () http://netrik.cvs.sourceforge.net/netrik/netrik/form-file.c?r1=1.3&r2=1.4 - () http://netrik.cvs.sourceforge.net/netrik/netrik/form-file.c?r1=1.3&r2=1.4 -
References () http://secunia.com/advisories/23822 - () http://secunia.com/advisories/23822 -
References () http://sourceforge.net/project/shownotes.php?release_id=472131&group_id=23183 - Patch () http://sourceforge.net/project/shownotes.php?release_id=472131&group_id=23183 - Patch
References () http://www.debian.org/security/2007/dsa-1251 - () http://www.debian.org/security/2007/dsa-1251 -
References () http://www.securityfocus.com/bid/22158 - () http://www.securityfocus.com/bid/22158 -
References () http://www.vupen.com/english/advisories/2006/5092 - () http://www.vupen.com/english/advisories/2006/5092 -
Information

Published : 2006-12-21 01:28

Updated : 2025-04-09 00:30

NVD link : CVE-2006-6678

Mitre link : CVE-2006-6678

CVE.ORG link : CVE-2006-6678

JSON object : View

Products Affected

netrik

  • netrik
CWE
NVD-CWE-Other