Vulnerability Details CVE-2006-5833
gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.066
EPSS Ranking 90.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://newhack.org/advisories/GreenBeastCMS.txt
- http://secunia.com/advisories/22769
- http://securityreason.com/securityalert/1841
- http://securitytracker.com/id?1017176
- http://www.securityfocus.com/archive/1/450785/100/0/threaded
- http://www.securityfocus.com/bid/20950
- http://www.vupen.com/english/advisories/2006/4416
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30069
- http://newhack.org/advisories/GreenBeastCMS.txt
- http://secunia.com/advisories/22769
- http://securityreason.com/securityalert/1841
- http://securitytracker.com/id?1017176
- http://www.securityfocus.com/archive/1/450785/100/0/threaded
- http://www.securityfocus.com/bid/20950
- http://www.vupen.com/english/advisories/2006/4416
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30069
Products affected by CVE-2006-5833
-
cpe:2.3:a:greenbeast_cms:greenbeast_cms:1.3