Zero-day Vulnerability Database

Change view:

Zero-day vulnerabilities discovered: 2

Arbitrary file upload in phpWiki
CVE-2007-2024

Unrestricted file upload

The vulnerability allows a remote attacker to execute arbitrary OS commands on vulnerable system.

The vulnerability exists due to insufficient sanitization of filename extension in lib/plugin/UpLoad.php when uploading files via UpLoad feature. A remote attacker can use php3, php4, or php5 extension to bypass implemented protection mechanism, upload and execute malicious PHP file on vulnerable system.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary OS commands vulnerable system with privileges of the web server account.

Note: this vulnerability is being actively exploited.

i

Harold Hallikainen has reported that the upload page fails to properly check extension of uploaded files. This vulnerability was exploited along with CVE-2007-2025.

Software: PhpWiki

Harold Hallikainen has reported that the upload page fails to properly check extension of uploaded files. This vulnerability was exploited along with CVE-2007-2025.

Arbitrary file upload in phpWiki
CVE-2007-2025

Unrestricted file upload

The vulnerability allows a remote attacker to execute arbitrary OS commands on vulnerable system.

The vulnerability exists due to insufficient sanitization of filename extension in lib/plugin/UpLoad.php when uploading files via UpLoad feature. A remote attacker can use php3 extension to bypass implemented protection mechanism, upload and execute malicious PHP file on vulnerable system.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary OS commands vulnerable system with privileges of the web server account.

Note: this vulnerability is being actively exploited.

i

Harold Hallikainen has reported that the upload page fails to properly check the extension of the uploaded files. This vulnerability was exploited along with CVE-2007-2024.

Software: PhpWiki

Harold Hallikainen has reported that the upload page fails to properly check the extension of the uploaded files. This vulnerability was exploited along with CVE-2007-2024.

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.