Strix
26.1K

CVE-2006-2318

UnknownEPSS 2.41%

Last modified

CVE-2006-2318 is a vulnerability of currently unknown severity. Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to upload and execute an ASP script via a ".asa" file, which bypasses the check for the ".asp" extension but is executable on the server.. EPSS estimates a 2.41% chance of exploitation in the next 30 days.

Description

Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to upload and execute an ASP script via a ".asa" file, which bypasses the check for the ".asp" extension but is executable on the server.

Metrics

EPSS Probability
2.41%

82.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
Ideal ScienceIdealbb1.4.9
Ideal ScienceIdealbb1.4.9_beta
Ideal ScienceIdealbb1.4.9a
Ideal ScienceIdealbb1.5.0_beta1
Ideal ScienceIdealbb1.5.0_beta2
Ideal ScienceIdealbb1.5.0_beta3
Ideal ScienceIdealbb1.5.0_beta4
Ideal ScienceIdealbb1.5.0_rc1
Ideal ScienceIdealbb1.5.1
Ideal ScienceIdealbb1.5.2
Ideal ScienceIdealbb1.5.2a
Ideal ScienceIdealbb1.5.2b
Ideal ScienceIdealbb1.5.2c
Ideal ScienceIdealbb1.5.3
Ideal ScienceIdealbb1.5.3_beta1
Ideal ScienceIdealbb1.5.3_beta2
Ideal ScienceIdealbb1.5.3a
Ideal ScienceIdealbb1.5.3b
Ideal ScienceIdealbb1.5.4a
Ideal ScienceIdealbb1.5_beta1
Ideal ScienceIdealbb1.5_beta2
Ideal ScienceIdealbb1.5_beta3
Ideal ScienceIdealbb1.5_beta4
Ideal ScienceIdealbb1.5_beta5
Ideal ScienceIdealbb1.5_rc1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2006-2318?
Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to upload and execute an ASP script via a ".asa" file, which bypasses the check for the ".asp" extension but is executable on the server.
How severe is CVE-2006-2318?
Severity scoring for CVE-2006-2318 is pending analysis. The EPSS model estimates a 2.41% probability of exploitation in the next 30 days.
How do I fix CVE-2006-2318?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-2318?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST