CVE-2006-0702

EPSS 7.1%

admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, although it might be due to directory traversal.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/27200unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/18802 https://exchange.xforce.ibmcloud.com/vulnerabilities/24633 http://www.securityfocus.com/archive/1/424745/30/0/threaded http://www.securityfocus.com/bid/16594 http://www.vupen.com/english/advisories/2006/0570