CVE-2006-3158

index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action.

🔗 References (14)

• cve@mitrehttp://secunia.com/advisories/20731
• cve@mitrehttp://www.biyosecurity.be/bugs/meeting.txt
• cve@mitrehttp://www.osvdb.org/26627
• cve@mitrehttp://www.securityfocus.com/archive/1/437992/100/0/threaded
• cve@mitrehttp://www.securityfocus.com/bid/18499
• cve@mitrehttp://www.vupen.com/english/advisories/2006/2428
• cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/27296
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20731
• af854a3a-2127-422b-91ae-364da2661108http://www.biyosecurity.be/bugs/meeting.txt
• af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/26627
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/437992/100/0/threaded
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/18499
• af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/2428
• af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/27296