Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.9
CVE Id: CVE-2007-6479
Last Modified: 05 Sep 2008 05:33:20
Published: 20 Dec 2007 03:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2007-6479

Summary

Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.

Vulnerable Systems

Application

  • Dokeos 1.8.4


References

MILW0RM - 4753

SECUNIA - 28154

XF - dokeos-profile-file-upload(39148)

BID - 26940


Last Updated: 27 May 2016 10:46:31