DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2006-05/0318.html | Broken Link Exploit |
http://retrogod.altervista.org/deluxebb_106_xpl.html | Broken Link Exploit |
http://secunia.com/advisories/20135 | Broken Link Patch Vendor Advisory |
http://securityreason.com/securityalert/1492 | Exploit Third Party Advisory |
http://www.vupen.com/english/advisories/2006/1843 | Broken Link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26485 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-09-06T00:00:00
Updated: 2017-07-19T15:57:01
Reserved: 2006-09-05T00:00:00
Link: CVE-2006-4558
JSON object: View
NVD Information
Status : Analyzed
Published: 2006-09-06T00:04:00.000
Modified: 2024-01-26T19:02:08.993
Link: CVE-2006-4558
JSON object: View
Redhat Information
No data.
CWE