Unrated severityNVD Advisory· Published Dec 14, 2006· Updated Jun 16, 2026
CVE-2006-6511
CVE-2006-6511
Description
dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php).
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.