Back to search
CVE-2006-3336
Published: Jul 5, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2006-2677
vdb-entry
x_refsource_VUPEN
20992
third-party-advisory
x_refsource_SECUNIA
http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads
x_refsource_CONFIRM
18854
vdb-entry
x_refsource_BID
1016458
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now