CVE-2006-5845

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Speedywiki version 2.0

Description The issue allows remote authenticated users to upload and execute arbitrary PHP code. This is achieved by setting the upload parameter to 1 in the index.php file.

Recommendations For Speedywiki version 2.0, consider restricting access to the index.php file to prevent unauthorized uploads until a patch is available. As a temporary workaround, disable the file upload functionality in index.php to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2006-5845

Affected Products

Speedywiki

CVE-2006-5845

Weakness Enumeration

Related Identifiers

Affected Products

References · 7