cbcvebase.
CVE-2006-3015
published 2006-06-14

CVE-2006-3015: Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote…

PriorityP338high7.1CVSS 2.0
AVNACHAuNCCICAN
EXPLOIT
EPSS
6.33%
92.8th percentile
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.

Affected

12 ranges
VendorProductVersion rangeFixed in
winscpwinscp
winscpwinscp
winscpwinscp
winscpwinscp
winscpwinscp
winscpwinscp
winscpwinscp
winscpwinscp
winscpwinscp
winscpwinscp
winscpwinscp
winscpwinscp
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.