Security Advisory

CVE-2006-2330

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-05-12 00:00:00

Last updated 2024-08-07 17:43:29

Assigner mitre

State PUBLISHED

Description

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.

← Browse all CVEs View on cve.org ↗