CVE-2006-2931

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

21/06/2006

Last modified:

03/04/2025

Description

CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files.

Impact

Vector 2.0

AV:N/AC:H/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 5.10 MEDIUM
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Attack Vector (AV): Network
Attack Complexity (AC): High
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

5.10

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:hotwebscripts:cms_mundo:1.0:::::::*
cpe:2.3:a:hotwebscripts:cms_mundo:1.0_build_007:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

http://secunia.com/advisories/20362
http://secunia.com/secunia_research/2006-43/advisory/
http://securitytracker.com/id?1016311=
http://www.osvdb.org/26465
http://www.securityfocus.com/archive/1/437183/100/200/threaded
http://www.vupen.com/english/advisories/2006/2348
https://exchange.xforce.ibmcloud.com/vulnerabilities/27094
http://secunia.com/advisories/20362
http://secunia.com/secunia_research/2006-43/advisory/
http://securitytracker.com/id?1016311=
http://www.osvdb.org/26465
http://www.securityfocus.com/archive/1/437183/100/200/threaded
http://www.vupen.com/english/advisories/2006/2348
https://exchange.xforce.ibmcloud.com/vulnerabilities/27094