Vulnerability Details CVE-2006-1363
images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.057
EPSS Ranking 90.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/19343
- http://www.vupen.com/english/advisories/2006/1038
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25377
- https://www.exploit-db.com/exploits/1600
- http://secunia.com/advisories/19343
- http://www.vupen.com/english/advisories/2006/1038
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25377
- https://www.exploit-db.com/exploits/1600
Products affected by CVE-2006-1363
-
cpe:2.3:a:justin_white:freewps:2.11