Vulnerabilities

CVE-2006-3128

by Fred · 21/06/2006

choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory.

Date published : 2006-06-21

http://www.securityfocus.com/bid/18496

http://www.securityfocus.com/archive/1/437705/100/0/threaded

Similar

Tags: Cybersecurity Alert