CVE-2006-2330

PHP-Fusion 6.00.306- - Authenticated RCE

Title source: llm

Description

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.

Exploits (1)

exploitdb WORKING POC

phpwebappsphp

https://www.exploit-db.com/exploits/1760

View Code ZIP pw:eip

References (8)

[Patch, Vendor Advisory] http://secunia.com/advisories/19992

[Third Party Advisory, VDB Entry] http://www.osvdb.org/25537

[Patch] http://www.php-fusion.co.uk/news.php

[Exploit] http://www.securityfocus.com/bid/17898

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26388

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/433277/100/0/threaded

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/1735

[Third Party Advisory] http://securityreason.com/securityalert/873

Scores

EPSS 0.1147

EPSS Percentile 93.6%

Details

Status published

Products (11)

php_fusion/php_fusion 6.00.3

php_fusion/php_fusion 6.00.105

php_fusion/php_fusion 6.00.106

php_fusion/php_fusion 6.00.107

php_fusion/php_fusion 6.00.109

php_fusion/php_fusion 6.00.110

php_fusion/php_fusion 6.00.204

php_fusion/php_fusion 6.00.206

php_fusion/php_fusion 6.00.303

php_fusion/php_fusion 6.00.304

... and 1 more

Published May 12, 2006

Tracked Since Feb 18, 2026