CVE-2006-3608 - OpenCVE

The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Flatnuke	Flatnuke

Configuration 1 [-]

OR	cpe:2.3:a:flatnuke:flatnuke::::::::
	cpe:2.3:a:flatnuke:flatnuke:1.0:::::::*
	cpe:2.3:a:flatnuke:flatnuke:1.5:::::::*
	cpe:2.3:a:flatnuke:flatnuke:1.6:::::::*
	cpe:2.3:a:flatnuke:flatnuke:1.7:::::::*
	cpe:2.3:a:flatnuke:flatnuke:1.8:::::::*
	cpe:2.3:a:flatnuke:flatnuke:2.0:::::::*
	cpe:2.3:a:flatnuke:flatnuke:2.5.1:::::::*
	cpe:2.3:a:flatnuke:flatnuke:2.5.3:::::::*
	cpe:2.3:a:flatnuke:flatnuke:2.5.5:::::::*
	cpe:2.3:a:flatnuke:flatnuke:2.5.6:::::::*

No data.

References

Link	Providers
http://retrogod.altervista.org/flatnuke257_adv.html
http://secunia.com/advisories/21051
http://securitytracker.com/id?1016499
http://www.securityfocus.com/archive/1/439975/100/0/threaded
http://www.securityfocus.com/archive/1/442421/100/0/threaded
http://www.securityfocus.com/bid/18966
https://exchange.xforce.ibmcloud.com/vulnerabilities/27731

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-14T21:00:00

Updated: 2024-08-07T18:39:52.576Z

Reserved: 2006-07-14T00:00:00

Link: CVE-2006-3608

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-07-18T15:46:00.000

Modified: 2018-10-18T16:48:09.550

Link: CVE-2006-3608

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21051", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21051"}, {"tags": ["x_refsource_MISC"], "url": "http://retrogod.altervista.org/flatnuke257_adv.html"}, {"name": "20060713 flatnuke <= 2.5.7 arbitrary php file upload", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/439975/100/0/threaded"}, {"name": "20060807 Re: flatnuke <= 2.5.7 arbitrary php file upload", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/442421/100/0/threaded"}, {"name": "18966", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18966"}, {"name": "1016499", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016499"}, {"name": "flatnuke-gallery-code-execution(27731)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27731"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3608", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21051", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21051"}, {"name": "http://retrogod.altervista.org/flatnuke257_adv.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/flatnuke257_adv.html"}, {"name": "20060713 flatnuke <= 2.5.7 arbitrary php file upload", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/439975/100/0/threaded"}, {"name": "20060807 Re: flatnuke <= 2.5.7 arbitrary php file upload", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/442421/100/0/threaded"}, {"name": "18966", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18966"}, {"name": "1016499", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016499"}, {"name": "flatnuke-gallery-code-execution(27731)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27731"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:39:52.576Z"}, "title": "CVE Program Container", "references": [{"name": "21051", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21051"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://retrogod.altervista.org/flatnuke257_adv.html"}, {"name": "20060713 flatnuke <= 2.5.7 arbitrary php file upload", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/439975/100/0/threaded"}, {"name": "20060807 Re: flatnuke <= 2.5.7 arbitrary php file upload", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/442421/100/0/threaded"}, {"name": "18966", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18966"}, {"name": "1016499", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016499"}, {"name": "flatnuke-gallery-code-execution(27731)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27731"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3608", "datePublished": "2006-07-14T21:00:00", "dateReserved": "2006-07-14T00:00:00", "dateUpdated": "2024-08-07T18:39:52.576Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flatnuke:flatnuke:*:*:*:*:*:*:*:*", "matchCriteriaId": "F23949E8-2FC2-429B-8F18-A71F8EE55BE9", "versionEndIncluding": "2.5.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:flatnuke:flatnuke:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C37015F4-6F2C-4C29-93D3-AC3D718CCC0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:flatnuke:flatnuke:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "54F525A5-D948-47F6-BADF-5D05DD35CF9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:flatnuke:flatnuke:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "4D472A2E-113F-41AA-969E-7ACB65381E77", "vulnerable": true}, {"criteria": "cpe:2.3:a:flatnuke:flatnuke:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D7A161EC-461C-4F4D-919A-81914A3F9097", "vulnerable": true}, {"criteria": "cpe:2.3:a:flatnuke:flatnuke:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "F8E983BC-9611-40A7-A1B8-3F4A6F49877E", "vulnerable": true}, {"criteria": "cpe:2.3:a:flatnuke:flatnuke:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B94F502-23E6-4624-AB60-F393AC4BDD8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:flatnuke:flatnuke:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "263DBD5A-63AD-4568-B29A-AC9268D77067", "vulnerable": true}, {"criteria": "cpe:2.3:a:flatnuke:flatnuke:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E35353BC-BB2E-4702-BC8D-9809617199F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:flatnuke:flatnuke:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "80720E0A-2E73-47B2-BA0E-4CFA177F5BFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:flatnuke:flatnuke:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "F59B925E-748F-4BC8-AF15-997CDAC9F9EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file."}, {"lang": "es", "value": "El m\u00f3dulo Gallery en Simone Vellei Flatnuke 2.5.7 y anteriores, cuando actualizaci\u00f3n Gallery est\u00e1 activada no restringe las extensiones de los archivos actualizados que comienzan con una cabecera GIF, lo cual permite a usuarios remotos validados ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de un archivos .php actualizado."}], "evaluatorSolution": "Successful exploitation requires that Gallery uploads are enabled.", "id": "CVE-2006-3608", "lastModified": "2018-10-18T16:48:09.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-18T15:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://retrogod.altervista.org/flatnuke257_adv.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21051"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016499"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/439975/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/442421/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/18966"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27731"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}