Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-09-19T18:00:00
Updated: 2017-10-18T16:57:01
Reserved: 2006-09-19T00:00:00
Link: CVE-2006-4859
JSON object: View
NVD Information
Status : Modified
Published: 2006-09-19T18:07:00.000
Modified: 2017-10-19T01:29:26.050
Link: CVE-2006-4859
JSON object: View
Redhat Information
No data.
CWE