PT-2007-1273 · Ozzywork · Ozzywork Gallery

Dj Remix

Published: 2007-02-12

Updated: 2024-01-26

CVE-2006-6994

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions: OzzyWork Gallery versions 2.0 and earlier

Description: The issue concerns an unrestricted file upload vulnerability. This allows remote attackers to upload and execute arbitrary ASP files by bypassing client-side security checks.

Recommendations: For OzzyWork Gallery versions 2.0 and earlier, consider disabling the file upload functionality in add.asp until a patch is available to prevent the upload and execution of arbitrary ASP files. Restrict access to the add.asp module to minimize the risk of exploitation.

Fix

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2006-6994

Affected Products: Ozzywork Gallery