CVE-2006-5845

Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=116302805802656&w=2	Mailing List
http://s-a-p.ca/index.php?page=OurAdvisories&id=9	Broken Link URL Repurposed
http://secunia.com/advisories/22788	Permissions Required Third Party Advisory
http://securitytracker.com/id?1017201	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2006/4421	Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/30131

Configurations

Configuration 1 (hide)

cpe:2.3:a:speedywiki:speedywiki:2.0:*:*:*:*:*:*:*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~() http://s-a-p.ca/index.php?page=OurAdvisories&id=9 - Broken Link~~	() http://s-a-p.ca/index.php?page=OurAdvisories&id=9 - Broken Link, URL Repurposed

Information

Published : 2006-11-10 02:07

Updated : 2024-02-14 01:17

NVD link : CVE-2006-5845

Mitre link : CVE-2006-5845

CVE.ORG link : CVE-2006-5845

JSON object : View

Products Affected

speedywiki

speedywiki

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2006-5845", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-11-10T02:07:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=116302805802656&w=2", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=9", "tags": ["Broken Link", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22788", "tags": ["Permissions Required", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017201", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4421", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30131", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1."}, {"lang": "es", "value": "Vulnerabilidad de envi\u00f3 de archivos no restrictiva en index.php de Speedywiki 2.0 permite a usuarios remotos autenticados enviar y ejecutar c\u00f3digo PHP de su elecci\u00f3n poniendo el valor \"1\" al par\u00e1metro upload.\r\n\r\n\r\n"}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:speedywiki:speedywiki:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC1F2120-776F-4196-ADAE-0816139C0A73"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}