PT-2006-4228 · Twiki · Twiki

Tom Mcadam · Published 2006-07-05 · Updated 2011-03-08 · CVE-2006-3336

CVSS v2.0: 4.0 Medium

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

TWiki versions 01-Dec-2000 up to 4.0.3

Description

The issue allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions. This is only a problem when the server allows script execution in the pub directory.

Recommendations

For TWiki versions 01-Dec-2000 up to 4.0.3, restrict script execution in the pub directory to prevent exploitation.


Related Identifiers

CVE-2006-3336

Affected Products

Twiki