CVE-2007-5071

by Fred · 24/09/2007

Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php.

Date published : 2007-09-24

http://www.securityfocus.com/bid/25747

http://www.securityfocus.com/archive/1/480092/100/0/threaded

CVE-2007-5071

Similar

Recent Posts

Categories

CVE-2007-5071

Share this:

Similar

Recent Posts

Categories

Tags