write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-06-19T10:00:00
Updated: 2018-10-18T14:57:01
Reserved: 2006-06-19T00:00:00
Link: CVE-2006-3070
JSON object: View
NVD Information
Status : Modified
Published: 2006-06-19T10:02:00.000
Modified: 2018-10-18T16:45:24.920
Link: CVE-2006-3070
JSON object: View
Redhat Information
No data.
CWE