ID |
CVE-2006-5918
|
Summary |
Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files on specific public web sites. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.5 (as of 17-10-2018 - 21:45) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 20896 | bugtraq | 20061106 PHP Rapid Kill All Version File Injection | sreason | 1862 |
|
Last major update |
17-10-2018 - 21:45 |
Published |
15-11-2006 - 15:07 |
Last modified |
17-10-2018 - 21:45 |