CVE-2007-2025

Name of the Vulnerable Software and Affected Versions PhpWiki version 1.3.11p1

Description The issue concerns an unrestricted file upload vulnerability in the UpLoad feature, specifically in the lib/plugin/UpLoad.php file. This allows remote attackers to upload arbitrary PHP files, potentially by using a double extension, which can be interpreted by Apache as a valid PHP file.

Recommendations For PhpWiki version 1.3.11p1, consider restricting or disabling the UpLoad feature in lib/plugin/UpLoad.php until a proper fix is available to prevent the upload of arbitrary PHP files.