Vulnerability Description
PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and the nearby instructions say "SET THE SAVE PATH by editing the line below."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rad Inks | Rad Upload | 3.02 |
References
- http://securityreason.com/securityalert/2034
- http://www.securityfocus.com/archive/1/454175/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30864
FAQ
What is CVE-2006-6549?
CVE-2006-6549 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerabil...
How severe is CVE-2006-6549?
CVE-2006-6549 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-6549?
Check the references section above for vendor advisories and patch information. Affected products include: Rad Inks Rad Upload.