PT-2006-2372 · Freewps · Freewps

Alexander Wilhelm +1 · Published 2006-03-23 · Updated 2017-10-11 · CVE-2006-1363

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

FreeWPS version 2.11

Description

The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by uploading a .php file into the /upload directory as specified in the dirPath parameter, and then performing a direct request to that file. No information is available about the estimated number of potentially affected devices or real-world incidents.

Recommendations

For FreeWPS version 2.11, consider restricting access to the images.php file and the /upload directory to prevent arbitrary PHP code execution until a patch is available. Avoid using the dirPath parameter to specify upload directories that can be accessed directly.


Related Identifiers

CVE-2006-1363

Affected Products

Freewps