PT-2006-2698 · Sire · Sire

Published

2006-04-11

Updated

2018-10-18

CVE-2006-1704

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Sire version 2.0

Description: The issue allows remote attackers to upload arbitrary image files without authentication by making a direct request to "upload.php".

Recommendations: For version 2.0, restrict access to the "upload.php" endpoint to require authentication before allowing file uploads.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2006-1704

Sire