CVE-2006-6783

logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Logahead_unu	Logahead	1.0 (including)	1.0 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/114.html
https://cwe.mitre.org/data/definitions/115.html
https://cwe.mitre.org/data/definitions/151.html
https://cwe.mitre.org/data/definitions/194.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/593.html
https://cwe.mitre.org/data/definitions/633.html
https://cwe.mitre.org/data/definitions/650.html
https://cwe.mitre.org/data/definitions/94.html

References

http://logahead.com/forums/comments.php?DiscussionID=216
http://secunia.com/advisories/23470
http://securityreason.com/securityalert/2071
http://securitytracker.com/id?1017444
http://www.securityfocus.com/archive/1/455307/100/0/threaded
http://www.securityfocus.com/bid/21743
http://www.vupen.com/english/advisories/2006/5184

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-6783
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References