CVE-2006-1371

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/19353	Exploit Patch Vendor Advisory
http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10
http://www.attrition.org/pipermail/vim/2006-March/000649.html
http://www.securityfocus.com/bid/17209
http://www.osvdb.org/24058
http://www.osvdb.org/24059
http://www.vupen.com/english/advisories/2006/1052	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25399
https://www.exploit-db.com/exploits/1605

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:xhp:cms:*:*:*:*:*:*:*:*

Information

Published : 2006-03-23 15:06

Updated : 2017-10-10 18:30

NVD link : CVE-2006-1371

Mitre link : CVE-2006-1371

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

Products Affected

xhp

cms

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/19353", "name": "19353", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10", "name": "http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.attrition.org/pipermail/vim/2006-March/000649.html", "name": "20060324 XHP vendor ack/fix", "tags": [], "refsource": "VIM"}, {"url": "http://www.securityfocus.com/bid/17209", "name": "17209", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/24058", "name": "24058", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24059", "name": "24059", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2006/1052", "name": "ADV-2006-1052", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25399", "name": "xhpcms-filemanager-file-upload(25399)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/1605", "name": "1605", "tags": [], "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1371", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-03-23T23:06Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:xhp:cms:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.5"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:30Z"}