CVE-2006-6783

logahead UNU 1.0 <20061226 - Auth Bypass

Title source: llm

Description

logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information.

References (7)

[Various Sources] http://logahead.com/forums/comments.php?DiscussionID=216

[Vendor Advisory] http://secunia.com/advisories/23470

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1017444

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/5184

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/455307/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/21743

[Third Party Advisory] http://securityreason.com/securityalert/2071

Scores

EPSS 0.0098

EPSS Percentile 76.5%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

logahead/logahead_unu

Timeline

Published Dec 28, 2006

Tracked Since Feb 18, 2026