CVE-2006-4558
Last modified
CVE-2006-4558 is a vulnerability of currently unknown severity. DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php. EPSS estimates a 4.16% chance of exploitation in the next 30 days.
Description
DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Deluxebb | Deluxebb | <= 1.06 |
References
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0318.html (Broken Link, Exploit)
- http://retrogod.altervista.org/deluxebb_106_xpl.html (Broken Link, Exploit)
- http://secunia.com/advisories/20135 (Broken Link, Patch, Vendor Advisory)
- http://securityreason.com/securityalert/1492 (Exploit, Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26485 (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
