dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2006-12-14T00:00:00
Updated: 2024-08-07T20:26:46.571Z
Reserved: 2006-12-13T00:00:00
Link: CVE-2006-6511
Vulnrichment
No data.
NVD
Status : Modified
Published: 2006-12-14T00:28:00.000
Modified: 2017-07-29T01:29:34.060
Link: CVE-2006-6511
Redhat
No data.