PT-2007-1273 · Ozzywork · Ozzywork Gallery
Dj Remix
·
Publicado
2007-02-12
·
Atualizado
2024-01-26
·
CVE-2006-6994
CVSS v2.0
6.4
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OzzyWork Gallery versions 2.0 and earlier
Description
The issue concerns an unrestricted file upload vulnerability. This allows remote attackers to upload and execute arbitrary ASP files by bypassing client-side security checks.
Recommendations
For OzzyWork Gallery versions 2.0 and earlier, consider disabling the file upload functionality in add.asp until a patch is available to prevent the upload and execution of arbitrary ASP files. Restrict access to the add.asp module to minimize the risk of exploitation.
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ozzywork Gallery