CVE-2006-3381

SturGeoN Upload - RCE

Title source: llm

Description

SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jihad BENABRA · perlwebappsphp

https://www.exploit-db.com/exploits/28143

View Code ZIP pw:eip

References (4)

[Exploit] http://acidr00t.free.fr/poc/sturgeonupv1.txt

[Exploit] http://www.securityfocus.com/bid/18764

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/27612

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/438876/100/0/threaded

Scores

EPSS 0.0317

EPSS Percentile 86.7%

Classification

Status draft

Affected Products (1)

sturgeon_upload/sturgeon_upload

Timeline

Published Jul 06, 2006

Tracked Since Feb 18, 2026