Vulnerability Description
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Myphpim | Myphpim | 01.05 |
References
- http://evuln.com/vulns/23/summary.htmlExploit
- http://secunia.com/advisories/18399Vendor Advisory
- http://www.securityfocus.com/archive/1/421626/100/0/threaded
- http://www.securityfocus.com/bid/16208
- http://www.vupen.com/english/advisories/2006/0147
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24070
- http://evuln.com/vulns/23/summary.htmlExploit
- http://secunia.com/advisories/18399Vendor Advisory
- http://www.securityfocus.com/archive/1/421626/100/0/threaded
- http://www.securityfocus.com/bid/16208
- http://www.vupen.com/english/advisories/2006/0147
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24070
FAQ
What is CVE-2006-0169?
CVE-2006-0169 is a vulnerability with a CVSS score of 7.5 (HIGH). addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the upl...
How severe is CVE-2006-0169?
CVE-2006-0169 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0169?
Check the references section above for vendor advisories and patch information. Affected products include: Myphpim Myphpim.