Vulnerability Details CVE-2006-1207
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://biyosecurity.be/bugs/phpuploadcenter2.txt
- http://www.blogcu.com/Liz0ziM/317250/
- http://www.osvdb.org/23627
- http://www.scripts-by.net/PHP/File-Manipulation/php-upload-center.html
- http://www.securityfocus.com/archive/1/427215/100/0/threaded
- http://biyosecurity.be/bugs/phpuploadcenter2.txt
- http://www.blogcu.com/Liz0ziM/317250/
- http://www.osvdb.org/23627
- http://www.scripts-by.net/PHP/File-Manipulation/php-upload-center.html
- http://www.securityfocus.com/archive/1/427215/100/0/threaded
Products affected by CVE-2006-1207
-
cpe:2.3:a:sergey_korostel:php_upload_center:*