CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-2025

HIGH
7.5
CVSS Severity Score
EPSS Score0.0350%
EPSS Percentile1.03th
Published2007年4月13日
Last Modified2026年4月23日

Vulnerability Description

Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.

Affected Platforms (CPE)

📦
Phpwiki

Phpwiki

= 1.3.11p1

References & Advisories

🔗 http://secunia.com/advisories/25307
🔗 http://secunia.com/advisories/26784
🔗 http://www.debian.org/security/2007/dsa-1371
🔗 http://www.gentoo.org/security/en/glsa/glsa-200705-16.xml
🔗 http://www.nabble.com/Important-UpLoad-security-fix%21-was--Fwd%3A--phpwiki---Open-Discussion--RE%3A-upload-security-risk--t3543463.html
🔗 https://sourceforge.net/forum/message.php?msg_id=4249177
🔗 http://secunia.com/advisories/25307
🔗 http://secunia.com/advisories/26784

相關漏洞威脅

CVE-2007-319310.0

lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remo...

CVE-2017-79818.8

Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki compon...

CVE-2002-10707.5

Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki user...

CVE-2014-55197.5

The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option...