CVE-2006-3102

{"id": "CVE-2006-3102", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-06-21T01:02:00.000", "references": [{"url": "http://retrogod.altervista.org/bitweaver_13_xpl.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20695", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1115", "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358", "source": "cve@mitre.org"}, {"url": "http://www.bitweaver.org/articles/45", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/26587", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/437491/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2405", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27215", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/1918", "source": "cve@mitre.org"}, {"url": "http://retrogod.altervista.org/bitweaver_13_xpl.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/20695", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/1115", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.bitweaver.org/articles/45", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/26587", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/437491/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/2405", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27215", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/1918", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory."}, {"lang": "es", "value": "Condici\u00f3n de carrera en los art\u00edculos / BitArticle.php en Bitweaver v1.3, cuando se ejecuta en Apache con la extensi\u00f3n mod_mime, permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario mediante la subida de archivos arbitrarios con doble extensi\u00f3n, que se almacenan durante un peque\u00f1o periodo de tiempo en el webroot en el directorio temp/articles"}], "lastModified": "2024-11-21T00:12:49.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bitweaver:bitweaver:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5657A816-9C53-4D97-90C4-357FCCA7057D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}