CVE-2006-3939

Name of the Vulnerable Software and Affected Versions ScriptsCenter ezUpload Pro version 2.2.0

Description The issue allows remote attackers to perform administrative activities without authentication. This can be achieved through various PHP files, including filter.php, which allows changing the Extensions Mode file type, access.php for changing the Protection Method, edituser.php for adding upload capabilities to user accounts, settings.php for changing the admin information, and index.php for uploading arbitrary files.

Recommendations For ScriptsCenter ezUpload Pro version 2.2.0, consider temporarily restricting access to the mentioned PHP files (filter.php, access.php, edituser.php, settings.php, and index.php) until a patch is available. As a workaround, restrict the functionality provided by these files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.