CVE-2006-2319

critical

Description

Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26353

http://www.vupen.com/english/advisories/2006/1729

http://www.securityfocus.com/bid/17920

http://www.securityfocus.com/archive/1/433248/100/0/threaded

http://www.osvdb.org/25456

http://www.idealscience.com/ibb/posts.aspx?postID=24415

http://securityreason.com/securityalert/871

http://secunia.com/advisories/20035

http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045887.html

Details

Source: Mitre, NVD

Published: 2006-05-12

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00894

Detections

Analytics