CVE-2006-2330 - OpenCVE

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php Fusion	Php Fusion

Configuration 1 [-]

OR	cpe:2.3:a:php_fusion:php_fusion:6.00.3:::::::*
	cpe:2.3:a:php_fusion:php_fusion:6.00.105:::::::*
	cpe:2.3:a:php_fusion:php_fusion:6.00.106:::::::*
	cpe:2.3:a:php_fusion:php_fusion:6.00.107:::::::*
	cpe:2.3:a:php_fusion:php_fusion:6.00.109:::::::*
	cpe:2.3:a:php_fusion:php_fusion:6.00.110:::::::*
	cpe:2.3:a:php_fusion:php_fusion:6.00.204:::::::*
	cpe:2.3:a:php_fusion:php_fusion:6.00.206:::::::*
	cpe:2.3:a:php_fusion:php_fusion:6.00.303:::::::*
	cpe:2.3:a:php_fusion:php_fusion:6.00.304:::::::*
	cpe:2.3:a:php_fusion:php_fusion:6.00.306:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/19992
http://securityreason.com/securityalert/873
http://www.osvdb.org/25537
http://www.php-fusion.co.uk/news.php
http://www.securityfocus.com/archive/1/433277/100/0/threaded
http://www.securityfocus.com/bid/17898
http://www.vupen.com/english/advisories/2006/1735
https://exchange.xforce.ibmcloud.com/vulnerabilities/26388

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-05-12T00:00:00

Updated: 2024-08-07T17:43:29.179Z

Reserved: 2006-05-11T00:00:00

Link: CVE-2006-2330

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-05-12T00:02:00.000

Modified: 2018-10-18T16:39:20.570

Link: CVE-2006-2330

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-05-08T00:00:00", "descriptions": [{"lang": "en", "value": "PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in \".php.gif\" and contains PHP code in EXIF metadata."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "873", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/873"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php-fusion.co.uk/news.php"}, {"name": "phpfusion-avatar-extensions-code-execution(26388)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26388"}, {"name": "25537", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/25537"}, {"name": "20060508 PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/433277/100/0/threaded"}, {"name": "19992", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19992"}, {"name": "17898", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17898"}, {"name": "ADV-2006-1735", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1735"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2330", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in \".php.gif\" and contains PHP code in EXIF metadata."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "873", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/873"}, {"name": "http://www.php-fusion.co.uk/news.php", "refsource": "CONFIRM", "url": "http://www.php-fusion.co.uk/news.php"}, {"name": "phpfusion-avatar-extensions-code-execution(26388)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26388"}, {"name": "25537", "refsource": "OSVDB", "url": "http://www.osvdb.org/25537"}, {"name": "20060508 PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/433277/100/0/threaded"}, {"name": "19992", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19992"}, {"name": "17898", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17898"}, {"name": "ADV-2006-1735", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1735"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:43:29.179Z"}, "title": "CVE Program Container", "references": [{"name": "873", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/873"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.php-fusion.co.uk/news.php"}, {"name": "phpfusion-avatar-extensions-code-execution(26388)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26388"}, {"name": "25537", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/25537"}, {"name": "20060508 PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/433277/100/0/threaded"}, {"name": "19992", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19992"}, {"name": "17898", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17898"}, {"name": "ADV-2006-1735", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1735"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2330", "datePublished": "2006-05-12T00:00:00", "dateReserved": "2006-05-11T00:00:00", "dateUpdated": "2024-08-07T17:43:29.179Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php_fusion:php_fusion:6.00.3:*:*:*:*:*:*:*", "matchCriteriaId": "81D8A288-20D3-42A2-BF19-14417D9063F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_fusion:php_fusion:6.00.105:*:*:*:*:*:*:*", "matchCriteriaId": "D4D79B94-BBA2-47D2-9D2C-5EF59FE6D7B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_fusion:php_fusion:6.00.106:*:*:*:*:*:*:*", "matchCriteriaId": "E92E863F-C72B-428E-A134-2CA5CA7058B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_fusion:php_fusion:6.00.107:*:*:*:*:*:*:*", "matchCriteriaId": "BFC61337-9477-46AC-AA5E-7722F594BCAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_fusion:php_fusion:6.00.109:*:*:*:*:*:*:*", "matchCriteriaId": "C1318098-F9B4-4BE8-AB18-3EB82DE4E740", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_fusion:php_fusion:6.00.110:*:*:*:*:*:*:*", "matchCriteriaId": "ECBE45DB-64DA-4EC5-9DF0-749D533E7510", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_fusion:php_fusion:6.00.204:*:*:*:*:*:*:*", "matchCriteriaId": "5B24DACA-1F61-4AD6-9074-F330EFB28B92", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_fusion:php_fusion:6.00.206:*:*:*:*:*:*:*", "matchCriteriaId": "5335762A-EA49-48D3-8A0C-0C031FECBC91", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_fusion:php_fusion:6.00.303:*:*:*:*:*:*:*", "matchCriteriaId": "D15B4762-66F2-4277-A975-00401C78F381", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_fusion:php_fusion:6.00.304:*:*:*:*:*:*:*", "matchCriteriaId": "DA03A905-10E9-4EF5-B6C0-739ADEB16705", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_fusion:php_fusion:6.00.306:*:*:*:*:*:*:*", "matchCriteriaId": "8E8CD847-F478-4DC1-92A8-A0DB3CBE3BBE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in \".php.gif\" and contains PHP code in EXIF metadata."}], "id": "CVE-2006-2330", "lastModified": "2018-10-18T16:39:20.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-05-12T00:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19992"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/873"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/25537"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.php-fusion.co.uk/news.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/433277/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/17898"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1735"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26388"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}