Zero-day vulnerability in PhpWiki

Unrestricted file upload
CVE-2007-2025

Harold Hallikainen has reported that the upload page fails to properly check the extension of the uploaded files. This vulnerability was exploited along with CVE-2007-2024.

Vulnerability details

Advisory: SB2007040801 - Arbitrary file upload in phpWiki

Vulnerable component: PhpWiki

CVE-ID: CVE-2007-2025

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Description:

The vulnerability allows a remote attacker to execute arbitrary OS commands on vulnerable system.

The vulnerability exists due to insufficient sanitization of filename extension in lib/plugin/UpLoad.php when uploading files via UpLoad feature. A remote attacker can use php3 extension to bypass implemented protection mechanism, upload and execute malicious PHP file on vulnerable system.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary OS commands vulnerable system with privileges of the web server account.

Note: this vulnerability is being actively exploited.

External links:

http://www.kb.cert.org/vuls/id/914793
https://security.gentoo.org/glsa/200705-16
https://sourceforge.net/p/phpwiki/discussion/18928/thread/65c3380d/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441390

About zero-day vulnerabilities

Zero-day vulnerability is an undisclosed vulnerability in software that hackers can exploit to compromise computer programs, gain unauthorized access to sensitive data, penetrate networks, etc. We consider vulnerability a zero-day when there is no solution provided from software vendor and the vulnerability is being actively exploited by malicious actors.

Zero-day candidate is a potential zero-day vulnerability in software which might have been used in targeted attacks, however there is no evidence to support this suggestion.