Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2007-6527
Last Modified: 15 Nov 2008 02:04:56
Published: 27 Dec 2007 05:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-6527

Summary

uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type.

Vulnerable Systems

Application

  • Rickard Andersson Punbb 1.3.3


References

XF - punbb-uploadimg-file-upload(39150)

MISC - http://www.fortconsult.net/images/pdf/advisories/punBB_imgUpload.pdf

SECUNIA - 28138

OSVDB - 42809


Last Updated: 27 May 2016 10:46:31