Back to CVE Browser

CVE-2007-1139

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1280%

EPSS Percentile24.16th

PublishedMar 2, 2007

Last ModifiedApr 23, 2026

Vulnerability Description

Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension.

Affected Platforms (CPE)

📦

Cromosoft

Simple Plantilla Php

All versions

References & Advisories

🔗 http://osvdb.org/33139

🔗 http://securityreason.com/securityalert/2332

🔗 http://www.securityfocus.com/archive/1/460913/100/0/threaded

🔗 http://www.securityfocus.com/bid/22669

🔗 http://osvdb.org/33139

🔗 http://securityreason.com/securityalert/2332

🔗 http://www.securityfocus.com/archive/1/460913/100/0/threaded

🔗 http://www.securityfocus.com/bid/22669

Related Vulnerabilities

CVE-2007-11385.0

Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to li...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-182210.0

Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailbo...

CVE-2007-256410.0

Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX control (DSKernel2.dll) allow remot...