CVE-2006-0922
Last modified
CVE-2006-0922 is a vulnerability of currently unknown severity. CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php.. EPSS estimates a 7.96% chance of exploitation in the next 30 days.
Description
CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Devellion | Cubecart | 3.0.0_alpha |
| Devellion | Cubecart | 3.0.0_alpha-2 |
| Devellion | Cubecart | 3.0.0_alpha-rgf |
| Devellion | Cubecart | 3.0.0_beta |
| Devellion | Cubecart | 3.0.0_final |
| Devellion | Cubecart | 3.0.1 |
| Devellion | Cubecart | 3.0.2 |
| Devellion | Cubecart | 3.0.3 |
| Devellion | Cubecart | 3.0.4 |
| Devellion | Cubecart | 3.0.5 |
| Devellion | Cubecart | 3.0.6 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-0922?
How severe is CVE-2006-0922?
How do I fix CVE-2006-0922?
Are you affected by CVE-2006-0922?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST