Vulnerability Details : CVE-2006-4977
Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter.
Vulnerability category: Directory traversal
Exploit prediction scoring system (EPSS) score for CVE-2006-4977
Probability of exploitation activity in the next 30 days: 2.68%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 %
CVSS scores for CVE-2006-4977
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST |
References for CVE-2006-4977
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28995
- http://www.morx.org/phpquiz.txt (Exploit)
- http://www.securityfocus.com/bid/20065
- https://www.exploit-db.com/exploits/2376
- http://www.vupen.com/english/advisories/2006/3693
- http://securityreason.com/securityalert/1627
- http://www.securityfocus.com/archive/1/446315/100/0/threaded
Products affected by CVE-2006-4977
- cpe:2.3:a:walter_beschmout:phpquiz:*:*:*:*:*:*:*:*