CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-6549

PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and the nearby instructions say "SET THE SAVE PATH by editing the line below.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.7%

CVSS Severity

CVSS v2 Score 7.5

References

http://securityreason.com/securityalert/2034
http://www.securityfocus.com/archive/1/454175/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/30864
http://securityreason.com/securityalert/2034
http://www.securityfocus.com/archive/1/454175/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/30864

Products affected by CVE-2006-6549

Rad Inks » Rad Upload » Version: 3.02

cpe:2.3:a:rad_inks:rad_upload:3.02

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-6549

Products

Pricing

Contact Us