CVE-2006-1485 - Vulnerability Details - OpenCVE

gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Greymatter	Greymatter

Configuration 1 [-]

OR	cpe:2.3:a:greymatter:greymatter::::::::
	cpe:2.3:a:greymatter:greymatter:1.1b:::::::*
	cpe:2.3:a:greymatter:greymatter:1.2:::::::*
	cpe:2.3:a:greymatter:greymatter:1.3:::::::*
	cpe:2.3:a:greymatter:greymatter:1.21:::::::*
	cpe:2.3:a:greymatter:greymatter:1.21a:::::::*
	cpe:2.3:a:greymatter:greymatter:1.21b:::::::*
	cpe:2.3:a:greymatter:greymatter:1.21c:::::::*
	cpe:2.3:a:greymatter:greymatter:1.21d:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/19423
http://www.osvdb.org/24210
http://www.securityfocus.com/bid/17271
http://www.vupen.com/english/advisories/2006/1138
https://exchange.xforce.ibmcloud.com/vulnerabilities/25496

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-29T01:00:00

Updated: 2024-08-07T17:12:22.183Z

Reserved: 2006-03-28T00:00:00

Link: CVE-2006-1485

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-03-29T01:06:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-1485

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-28T00:00:00", "descriptions": [{"lang": "en", "value": "gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "17271", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17271"}, {"name": "24210", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24210"}, {"name": "greymatter-gmupload-file-upload(25496)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25496"}, {"name": "ADV-2006-1138", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1138"}, {"name": "19423", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19423"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1485", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17271", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17271"}, {"name": "24210", "refsource": "OSVDB", "url": "http://www.osvdb.org/24210"}, {"name": "greymatter-gmupload-file-upload(25496)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25496"}, {"name": "ADV-2006-1138", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1138"}, {"name": "19423", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19423"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:12:22.183Z"}, "title": "CVE Program Container", "references": [{"name": "17271", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17271"}, {"name": "24210", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24210"}, {"name": "greymatter-gmupload-file-upload(25496)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25496"}, {"name": "ADV-2006-1138", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1138"}, {"name": "19423", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19423"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1485", "datePublished": "2006-03-29T01:00:00", "dateReserved": "2006-03-28T00:00:00", "dateUpdated": "2024-08-07T17:12:22.183Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:greymatter:greymatter:*:*:*:*:*:*:*:*", "matchCriteriaId": "A529C74F-95E2-498C-BBA7-278F4A95262B", "versionEndIncluding": "1.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:greymatter:greymatter:1.1b:*:*:*:*:*:*:*", "matchCriteriaId": "874BAA81-17CC-4DB7-A4CB-15550598B420", "vulnerable": true}, {"criteria": "cpe:2.3:a:greymatter:greymatter:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "10B2D814-E051-4B07-8383-3FC0F2C4B4D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:greymatter:greymatter:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6105C89A-CFE3-44CF-A2A2-5EC22194E3DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:greymatter:greymatter:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0E73E823-1049-4A35-A991-42165AA1A15B", "vulnerable": true}, {"criteria": "cpe:2.3:a:greymatter:greymatter:1.21a:*:*:*:*:*:*:*", "matchCriteriaId": "1E53B0BA-B8AD-4272-A35C-B97D64C95749", "vulnerable": true}, {"criteria": "cpe:2.3:a:greymatter:greymatter:1.21b:*:*:*:*:*:*:*", "matchCriteriaId": "421B87A0-74BD-4B33-939A-F7651B51C6DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:greymatter:greymatter:1.21c:*:*:*:*:*:*:*", "matchCriteriaId": "47CFB426-4A87-4FE8-9C4E-7BA2304D12DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:greymatter:greymatter:1.21d:*:*:*:*:*:*:*", "matchCriteriaId": "BC60001A-8A59-49CE-A4C0-1F8242317619", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}], "id": "CVE-2006-1485", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-29T01:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19423"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24210"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/17271"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1138"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25496"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19423"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/17271"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25496"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}