Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2006-12-21T21:00:00
Updated: 2024-08-07T20:33:59.975Z
Reserved: 2006-12-21T00:00:00
Link: CVE-2006-6694
Vulnrichment
No data.
NVD
Status : Modified
Published: 2006-12-21T21:28:00.000
Modified: 2024-11-21T00:23:25.557
Link: CVE-2006-6694
Redhat
No data.