Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2007-5071
Last Modified 05 Sep 2008 05:29:49
Published 24 Sep 2007 07:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5071

Summary

Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php.

Vulnerable Systems

Application

  • Alexander Palmo Simple Php Blog 0.5.0.1


References

XF - simplephpblog-uploadimgcgi-file-upload(36785)

CONFIRM - http://www.simplephpblog.com/index.php?m=09&y=07

CONFIRM - http://www.simplephpblog.com/comments.php?y=07&m=09&entry=entry070923-004446

BID - 25747

BUGTRAQ - 20070925 Simple PHP Blog Multiple Vulnerabilities

BUGTRAQ - 20070920 SimplePHPBlog Hacking

MISC - http://www.securenetwork.it/ricerca/advisory/download/SN-2007-03.txt

SECUNIA - 26968


Last Updated: 27 May 2016 10:46:04