Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2007-5307
Last Modified 05 Sep 2008 05:30:25
Published 09 Oct 2007 02:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5307

Summary

ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in ELSEIF CMS.

Vulnerable Systems

Application

  • Yannick Tanguy Else If Cms 0.6-beta


References

BID - 25951

BUGTRAQ - 20071006 Else If cms Multiple Remote vulnerabilities

XF - elseif-upload-file-upload(37009)

SREASON - 3204


Last Updated: 27 May 2016 10:46:08