CVE-2006-5918 - Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other

CVE-2006-5918

Summary

Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files on specific public web sites.

References

http://securityreason.com/securityalert/1862
http://www.securityfocus.com/archive/1/450681/100/0/threaded
http://www.securityfocus.com/bid/20896

Vulnerable Configurations

cpe:2.3:a:php_rapid_kill:php_rapid_kill:5.7_pro:*:*:*:*:*:*:*
cpe:2.3:a:php_rapid_kill:php_rapid_kill:5.7_pro:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	20896
bugtraq	20061106 PHP Rapid Kill All Version File Injection
sreason	1862

Last major update

17-10-2018 - 21:45

Published

15-11-2006 - 15:07

Last modified

17-10-2018 - 21:45