Vulnerability Details CVE-2006-1371
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.142
EPSS Ranking 94.0%
CVSS Severity
CVSS v2 Score 9.0
References
- http://secunia.com/advisories/19353
- http://www.attrition.org/pipermail/vim/2006-March/000649.html
- http://www.osvdb.org/24058
- http://www.osvdb.org/24059
- http://www.securityfocus.com/bid/17209
- http://www.vupen.com/english/advisories/2006/1052
- http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25399
- https://www.exploit-db.com/exploits/1605
- http://secunia.com/advisories/19353
- http://www.attrition.org/pipermail/vim/2006-March/000649.html
- http://www.osvdb.org/24058
- http://www.osvdb.org/24059
- http://www.securityfocus.com/bid/17209
- http://www.vupen.com/english/advisories/2006/1052
- http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25399
- https://www.exploit-db.com/exploits/1605