PT-2006-5674 · Starnet · Site@School

Simo Ben Youssef

Published

2006-09-21

Updated

2017-10-19

CVE-2006-4922

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Site@School versions 2.4.02 and earlier

Description The issue concerns an unrestricted file upload vulnerability. This vulnerability allows remote attackers to upload and execute arbitrary files with executable extensions.

Recommendations For versions 2.4.02 and earlier, consider restricting access to the starnet/editors/htmlarea/popups/images.php file until a patch is available. As a temporary workaround, disable the execution of files with executable extensions in the affected directory to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4922

Affected Products

Site@School

PT-2006-5674 · Starnet · Site@School

CVE-2006-4922

Related Identifiers

Affected Products

References · 5