ID CVE-2006-5918
Summary Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files on specific public web sites.
References
Vulnerable Configurations
  • cpe:2.3:a:php_rapid_kill:php_rapid_kill:5.7_pro:*:*:*:*:*:*:*
    cpe:2.3:a:php_rapid_kill:php_rapid_kill:5.7_pro:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 20896
bugtraq 20061106 PHP Rapid Kill All Version File Injection
sreason 1862
Last major update 17-10-2018 - 21:45
Published 15-11-2006 - 15:07
Last modified 17-10-2018 - 21:45
Back to Top