CVE-2006-6994

Indirmax.org Ozzywork Galeri < 2.0 - Unrestricted File Upload

Title source: rule

Description

Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks.

References (6)

[Third Party Advisory] http://marc.info/?l=bugtraq&m=114723238307299&w=2

[Broken Link, Permissions Required] http://secunia.com/advisories/20049

[Broken Link] http://www.osvdb.org/25427

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/17946

[Broken Link, Not Applicable] http://www.vupen.com/english/advisories/2006/1768

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26365

Scores

EPSS 0.0130

EPSS Percentile 79.5%

Classification

CWE

CWE-434

Status draft

Affected Products (1)

indirmax.org/ozzywork_galeri < 2.0

Timeline

Published Feb 12, 2007

Tracked Since Feb 18, 2026