PT-2007-5377 · Wikiwebweaver · Wikiwebweaver

Publicado

2007-08-08

Atualizado

2018-10-15

CVE-2007-4182

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions WikiWebWeaver versions 1.1 and earlier

Description The issue allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension, such as .gif.php, which is accessible from data/documents/.

Recommendations For WikiWebWeaver versions 1.1 and earlier, consider restricting or disabling the file upload functionality in index.php until a proper fix is available, and ensure that only authorized users can access the data/documents/ directory.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-4182

Produtos afetados

Wikiwebweaver

PT-2007-5377 · Wikiwebweaver · Wikiwebweaver

CVE-2007-4182

Identificadores relacionados

Produtos afetados

Referências · 5