PT-2007-3368 · Phpwiki · Phpwiki

Reini Urban · Published 2007-04-13 · Updated 2018-10-16 · CVE-2007-2024

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PhpWiki versions 1.3.x

Description

The UpLoad feature of PhpWiki, specifically the lib/plugin/UpLoad.php file, has an unrestricted file upload vulnerability. It allows remote attackers to upload arbitrary PHP files with various extensions, including php3, php4, or php5.

Recommendations

For PhpWiki versions 1.3.x, restrict access to the UpLoad feature in lib/plugin/UpLoad.php to prevent arbitrary file uploads until a patch is available. Consider temporarily disabling the UpLoad feature as a mitigation to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2007-2024
DSA-1371-1

Affected Products

Phpwiki