CVE-2006-3939
Last modified
CVE-2006-3939 is a vulnerability of currently unknown severity. ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files.. EPSS estimates a 1.55% chance of exploitation in the next 30 days.
Description
ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Scriptscenter | Ezupload Pro | 2.2 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-3939?
How severe is CVE-2006-3939?
How do I fix CVE-2006-3939?
Are you affected by CVE-2006-3939?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST