CVE-2006-3102

Name of the Vulnerable Software and Affected Versions Bitweaver version 1.3

Description A race condition exists in the articles/BitArticle.php file of Bitweaver, allowing remote attackers to execute arbitrary PHP code when run on Apache with the mod mime extension. This is achieved by uploading files with double extensions, which are temporarily stored under the webroot in the temp/articles directory.

Recommendations For Bitweaver version 1.3, consider restricting access to the temp/articles directory or implementing validation to prevent uploads of files with double extensions as a temporary workaround until a patch is available.