INFORMATION

Name : CVE-2010-0366 First Publication : 2010-01-21
Severity : Critical Last Modification : 2010-01-22

SCORING CVSS v2

Cvss Base Score : 10 Attack Range : Network
Cvss Impact Score : 10 Attack Complexity : Low
Cvss Expoit Score : 10 Authentification : None Required

Calculate full CVSS 2.0 Vectors scores

DETAIL

Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.



CWE COMMON WEAKNESS ENUMERATION

CWE-20 - Improper Input Validation

CPE COMMON PLATFORM ENUMERATION


OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

61893 : Bits Video Script register.php File Upload Arbitrary PHP Code Execution.
61826 : Bits Video Script addvideo.php File Upload Arbitrary PHP Code Execution.


SECONDARY(S) SOURCE(S)


Source : MISC
Url : http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt

Source : OSVDB
Url : http://osvdb.org/61826

Source : SECUNIA
Url : http://secunia.com/advisories/38252

Source : XF
Url : http://xforce.iss.net/xforce/xfdb/55738