CVE-2006-3070

by Fred · 19/06/2006

write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.

Date published : 2006-06-19

http://www.securityfocus.com/bid/18465

http://www.securityfocus.com/archive/1/437442/30/4320/threaded

CVE-2006-3070

Similar

Recent Posts

Categories

CVE-2006-3070

Share this:

Similar

Recent Posts

Categories

Tags