CVE-2006-3158 Information

Description

index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action.

Reference

http://secunia.com/advisories/20731 http://www.biyosecurity.be/bugs/meeting.txt http://www.osvdb.org/26627 http://www.securityfocus.com/archive/1/437992/100/0/threaded http://www.securityfocus.com/bid/18499 http://www.vupen.com/english/advisories/2006/2428 https://exchange.xforce.ibmcloud.com/vulnerabilities/27296