CVE-2006-3015

Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces…

mitre·CWE-88·Published 2006-06-14

CVSS

—

EPSS

0.06

KEV

Exploits

cve.orgen

189 chars

Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.

NVDen

189 chars

Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.

NVDes

220 chars

Vulnerabilidad de inyección de argumento en WinSCP 3.8.1 build 328 permite a atacantes remotos subir o descargar archivos arbitrarios a través de espacios codificados y caracteres de comillas dobles en un URI scp o sftp.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.1	4.9	9.2	AV:N/AC:H/Au:N/C:C/I:C/A:N