Devilz Clanportal bis 1.3.6.0 File Upload unbekannte Schwachstelle

EintraganpassenHistoryDiffjsonxmlCTI

Eine problematische Schwachstelle wurde in Devilz Clanportal bis 1.3.6.0 ausgemacht. Davon betroffen ist eine unbekannte Funktion der Komponente File Upload. Ein Upgrade auf die Version 1.3.6.1 vermag dieses Problem zu beheben.

Feld12.03.2015 22:2102.10.2017 10:48
nameDevilz ClanportalDevilz Clanportal
version<=1.3.6.0<=1.3.6.0
componentFile UploadFile Upload
cvss2_vuldb_basescore5.05.0
cvss2_vuldb_tempscore3.53.5
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auNN
cvss2_nvd_ciNN
cvss2_nvd_iiPP
cvss2_nvd_aiNN
cvss3_meta_basescore5.35.3
cvss3_meta_tempscore4.44.4
cvss3_vuldb_basescore5.35.3
cvss3_vuldb_tempscore4.44.4
date1165363200 (06.12.2006)1165363200 (06.12.2006)
urlhttp://www.securityfocus.com/archive/1/archive/1/453178/100/0/threadedhttp://www.securityfocus.com/archive/1/archive/1/453178/100/0/threaded
availability11
publicity11
price_0day$0-$5k$0-$5k
nameUpgradeUpgrade
upgrade_version1.3.6.11.3.6.1
cveCVE-2006-6338CVE-2006-6338
cve_assigned11653632001165363200
cve_nvd_published11653632001165363200
cve_nvd_summaryUnrestricted file upload vulnerability in upload/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to upload and execute arbitrary .php files by embedding PHP code in a JPEG or GIF file that is uploaded to inc/images/uploads/userpics/.Unrestricted file upload vulnerability in upload/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to upload and execute arbitrary .php files by embedding PHP code in a JPEG or GIF file that is uploaded to inc/images/uploads/userpics/.
secunia2319423194
securityfocus2138921389
securityfocus_date1164931200 (01.12.2006)1164931200 (01.12.2006)
securityfocus_classInput Validation ErrorInput Validation Error
securityfocus_titleDZCP Clanportal Index.PHP Arbitrary File Upload VulnerabilityDZCP Clanportal Index.PHP Arbitrary File Upload Vulnerability
vupenADV-2006-4821ADV-2006-4821
xforce3065330653
xforce_titleDZCP index.php file uploadDZCP index.php file upload
xforce_identifierdzcp-index-file-uploaddzcp-index-file-upload
seealso3365133651
locationWebsiteWebsite
cvss2_vuldb_eUU
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcURUR
cvss3_vuldb_eUU
cvss3_vuldb_rlOO
cvss3_vuldb_rcRR
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iLL
cvss3_vuldb_aNN
urlhttp://www.securityfocus.com/data/vulnerabilities/exploits/21389.txt

Do you want to use VulDB in your project?

Use the official API to access entries easily!