Vulnerability Description
Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ansilove | Ansilove | 1.01 |
References
- http://secunia.com/advisories/18810PatchVendor Advisory
- http://sourceforge.net/project/shownotes.php?release_id=392826Patch
- http://www.securityfocus.com/bid/16603
- http://www.vupen.com/english/advisories/2006/0536
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24684
- http://secunia.com/advisories/18810PatchVendor Advisory
- http://sourceforge.net/project/shownotes.php?release_id=392826Patch
- http://www.securityfocus.com/bid/16603
- http://www.vupen.com/english/advisories/2006/0536
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24684
FAQ
What is CVE-2006-0695?
CVE-2006-0695 is a vulnerability with a CVSS score of 7.5 (HIGH). Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them direc...
How severe is CVE-2006-0695?
CVE-2006-0695 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0695?
Check the references section above for vendor advisories and patch information. Affected products include: Ansilove Ansilove.