CVE-2006-5845 - OpenCVE

Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Speedywiki	Speedywiki

Configuration 1 [-]

cpe:2.3:a:speedywiki:speedywiki:2.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=116302805802656&w=2
http://s-a-p.ca/index.php?page=OurAdvisories&id=9
http://secunia.com/advisories/22788
http://securitytracker.com/id?1017201
http://www.vupen.com/english/advisories/2006/4421
https://exchange.xforce.ibmcloud.com/vulnerabilities/30131

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-10T02:00:00

Updated: 2024-08-07T20:04:55.600Z

Reserved: 2006-11-09T00:00:00

Link: CVE-2006-5845

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-11-10T02:07:00.000

Modified: 2024-02-14T01:17:43.863

Link: CVE-2006-5845

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-08T00:00:00", "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20061108 Speedwiki 2.0 Arbitrary File Upload Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=116302805802656&w=2"}, {"name": "speedwiki-index-file-upload(30131)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30131"}, {"name": "22788", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22788"}, {"name": "ADV-2006-4421", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4421"}, {"tags": ["x_refsource_MISC"], "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=9"}, {"name": "1017201", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017201"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5845", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20061108 Speedwiki 2.0 Arbitrary File Upload Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=116302805802656&w=2"}, {"name": "speedwiki-index-file-upload(30131)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30131"}, {"name": "22788", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22788"}, {"name": "ADV-2006-4421", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4421"}, {"name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=9", "refsource": "MISC", "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=9"}, {"name": "1017201", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017201"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:04:55.600Z"}, "title": "CVE Program Container", "references": [{"name": "20061108 Speedwiki 2.0 Arbitrary File Upload Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=116302805802656&w=2"}, {"name": "speedwiki-index-file-upload(30131)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30131"}, {"name": "22788", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22788"}, {"name": "ADV-2006-4421", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4421"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=9"}, {"name": "1017201", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017201"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5845", "datePublished": "2006-11-10T02:00:00", "dateReserved": "2006-11-09T00:00:00", "dateUpdated": "2024-08-07T20:04:55.600Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:speedywiki:speedywiki:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC1F2120-776F-4196-ADAE-0816139C0A73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1."}, {"lang": "es", "value": "Vulnerabilidad de envi\u00f3 de archivos no restrictiva en index.php de Speedywiki 2.0 permite a usuarios remotos autenticados enviar y ejecutar c\u00f3digo PHP de su elecci\u00f3n poniendo el valor \"1\" al par\u00e1metro upload.\r\n\r\n\r\n"}], "id": "CVE-2006-5845", "lastModified": "2024-02-14T01:17:43.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-10T02:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=116302805802656&w=2"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "URL Repurposed"], "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=9"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/22788"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1017201"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://www.vupen.com/english/advisories/2006/4421"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30131"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}