// For flags

CVE-2006-3336

 

Severity Score

4.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory.

Vulnerabilidad en TWiki desde la versión del 01-Dic-2000 hasta la versión v4.0.3 que permite a atacantes remotos saltarse el "upload filter" (filtro o control de subida) y ejecutar código de su elección a traves de nombres de ficheros con dos extensiones como ".php.en", ".php.1" y otras extensiones disponibles que no son .txt. NOTA: para que se produzca esta vulnerabilidad el servidor debe permiter la ejecución de scripts en un directorio público.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-07-02 CVE Reserved
  • 2006-07-05 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-10-24 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.0
Search vendor "Twiki" for product "Twiki" and version "4.0"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.0.0
Search vendor "Twiki" for product "Twiki" and version "4.0.0"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.0.1
Search vendor "Twiki" for product "Twiki" and version "4.0.1"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.0.2
Search vendor "Twiki" for product "Twiki" and version "4.0.2"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.0.3
Search vendor "Twiki" for product "Twiki" and version "4.0.3"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 2000-12-01
Search vendor "Twiki" for product "Twiki" and version "2000-12-01"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 2001-09-01
Search vendor "Twiki" for product "Twiki" and version "2001-09-01"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 2001-12-01
Search vendor "Twiki" for product "Twiki" and version "2001-12-01"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 2003-02-01
Search vendor "Twiki" for product "Twiki" and version "2003-02-01"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 2004-09-01
Search vendor "Twiki" for product "Twiki" and version "2004-09-01"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 2004-09-02
Search vendor "Twiki" for product "Twiki" and version "2004-09-02"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 2004-09-03
Search vendor "Twiki" for product "Twiki" and version "2004-09-03"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 2004-09-04
Search vendor "Twiki" for product "Twiki" and version "2004-09-04"
-
Affected