PT-2007-1411 · Php · Upload Tool For Php

Published: 2007-03-06 · Updated: 2024-02-14 · CVE-2006-7133

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Upload Tool for PHP version 1.0

Description

The issue allows remote attackers to read arbitrary files via directory traversal attacks using ".." sequences or absolute pathnames in the filename parameter of the /upload/bin/download.php API endpoint.

Recommendations

For Upload Tool for PHP version 1.0, consider restricting access to the /upload/bin/download.php endpoint until a patch is available, and avoid using absolute pathnames or ".." sequences in the filename parameter to minimize the risk of exploitation.
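
One way to enforce the containment a download handler needs against the traversal described above, as an added example (not code from Upload Tool for PHP or from this advisory). The storage directory, the function name, and reading the parameter from the query string are assumptions.

```php
<?php
// Added example, not the project's code. UPLOAD_DIR, the function name and
// reading "filename" from the query string are assumptions.
const UPLOAD_DIR = '/var/www/upload/files';

// Map a client-supplied name to a regular file inside $baseDir, or null.
function resolve_download_path(string $baseDir, string $requested): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory missing or unreadable
    }
    // realpath() collapses "..", "." and symlinks. An absolute name is
    // appended to the base, so it resolves under the base or not at all.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Containment: the resolved path must sit below the base directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

$name = $_GET['filename'] ?? '';
$path = is_string($name) ? resolve_download_path(UPLOAD_DIR, $name) : null;
if ($path === null) {
    http_response_code(404); // same response for "missing" and "rejected"
    exit;
}
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
readfile($path);
```

The check runs on the resolved path rather than on the raw string, so encoded or nested ".." forms and symlinks pointing outside the directory are rejected by the same comparison.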

Related Identifiers

CVE-2006-7133

Affected Products

Upload Tool For Php