PT-2007-1387 · Imce · Imce
Publicado
2007-03-05
·
Atualizado
2017-07-29
·
CVE-2006-7109
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IMCE versions prior to 1.6
Description
The issue allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension, such as .php.gif.
Recommendations
For versions prior to 1.6, update to version 1.6 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary file types and validating file extensions to prevent malicious uploads.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Imce