PT-2006-4000 · Apache+1 · Mod Mime+2

Rgod

Published

2006-06-21

Updated

2018-10-18

CVE-2006-3102

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Bitweaver version 1.3

Description A race condition exists in the articles/BitArticle.php file of Bitweaver, allowing remote attackers to execute arbitrary PHP code when run on Apache with the mod mime extension. This is achieved by uploading files with double extensions, which are temporarily stored under the webroot in the temp/articles directory.

Recommendations For Bitweaver version 1.3, consider restricting access to the temp/articles directory or implementing validation to prevent uploads of files with double extensions as a temporary workaround until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3102

Affected Products

Apache

Bitweaver

Mod Mime

PT-2006-4000 · Apache+1 · Mod Mime+2

CVE-2006-3102

Related Identifiers

Affected Products

References · 12