CVE

Id
20706  
CVE No.
CVE-2006-4602  
Status
Candidate  
Description
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.  
Phase
Assigned (20060906)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
195536 20706 CVE-2006-4602 MILW0RM:2288  View
195537 20706 CVE-2006-4602 URL:http://milw0rm.com/exploits/2288  View
195538 20706 CVE-2006-4602 MISC:http://isc.sans.org/diary.php?storyid=1672  View
195539 20706 CVE-2006-4602 CONFIRM:http://tikiwiki.org/tiki-read_article.php?articleId=136  View
195540 20706 CVE-2006-4602 GENTOO:GLSA-200609-16  View
195541 20706 CVE-2006-4602 URL:http://security.gentoo.org/glsa/glsa-200609-16.xml  View
195542 20706 CVE-2006-4602 BID:19819  View
195543 20706 CVE-2006-4602 URL:http://www.securityfocus.com/bid/19819  View
195544 20706 CVE-2006-4602 VUPEN:ADV-2006-3450  View
195545 20706 CVE-2006-4602 URL:http://www.vupen.com/english/advisories/2006/3450  View
195546 20706 CVE-2006-4602 OSVDB:28456  View
195547 20706 CVE-2006-4602 URL:http://www.osvdb.org/28456  View
195548 20706 CVE-2006-4602 SECUNIA:21733  View
195549 20706 CVE-2006-4602 URL:http://secunia.com/advisories/21733  View
195550 20706 CVE-2006-4602 SECUNIA:22100  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
59794 JVNDB-2006-002060 Lanifex DMO の LFXlib/access_manager.php における PHP リモートファイルインクルージョンの脆弱性 Lanifex Database of Managed Objects (DMO) の LFXlib/access_manager.php には、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2006-4604 20706 7.5 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-002060.html  View