Vulnerability Details CVE-2006-2695
admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 83.1%
CVSS Severity
CVSS v2 Score 5.1
References
- http://pridels0.blogspot.com/2006/05/dgnews-v-15-file-upload-vuln.html
- http://secunia.com/advisories/20340
- http://securitytracker.com/id?1016174
- http://www.vupen.com/english/advisories/2006/2054
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26790
- http://pridels0.blogspot.com/2006/05/dgnews-v-15-file-upload-vuln.html
- http://secunia.com/advisories/20340
- http://securitytracker.com/id?1016174
- http://www.vupen.com/english/advisories/2006/2054
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26790