SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2006-1371

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.0
Exploit Score: 8.0
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

EXPLOIT-DB-1605

BID-17209

SECUNIA-19353

http://www.attrition.org/pipermail/vim/2006-March/000649.html

OSVDB-24058

OSVDB-24059

ADV-2006-1052

http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10

xhpcms-filemanager-file-upload(25399)


30479



423868



248149



909



194803



282