PT-2006-5720 · Phpquiz · Phpquiz

Simo64

Published

2006-09-25

Updated

2018-10-17

CVE-2006-4977

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions PhpQuiz versions 1.2 and earlier

Description The issue allows remote attackers to upload arbitrary PHP code to the phpquiz/img quiz folder via the upload, ok update, image, and path parameters in the back/upload img.php and admin/upload img.php files. This might require directory traversal sequences in the path parameter.

Recommendations For PhpQuiz versions 1.2 and earlier, restrict access to the back/upload img.php and admin/upload img.php files to minimize the risk of exploitation. Avoid using the upload, ok update, image, and path parameters in these files until the issue is resolved. As a temporary workaround, consider disabling the file upload functionality in these files until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4977

Affected Products

Phpquiz

PT-2006-5720 · Phpquiz · Phpquiz

CVE-2006-4977

Related Identifiers

Affected Products

References · 9