Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6479


Vulnerability Score 4.9 4.9
CVE Id CVE-2007-6479
Last Modified 05 Sep 2008 05:33:20
Published 20 Dec 2007 03:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE



Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.

Vulnerable Systems


  • Dokeos 1.8.4


MILW0RM - 4753

SECUNIA - 28154

XF - dokeos-profile-file-upload(39148)

BID - 26940

Last Updated: 27 May 2016 10:46:31