CVE-2007-0370

Name of the Vulnerable Software and Affected Versions: phpBP versions 2.204 and earlier

Description: The issue allows remote administrators to inject arbitrary PHP code into a file via a banners add operation. This is done by uploading PHP code through an image form parameter with a multiple-extension filename, such as .jpg.vil.gif.php. The uploaded file is stored in the upload/banners/ directory under a different name and can be executed via a direct request. A separate SQL injection issue could potentially be used to make this issue exploitable by remote unauthenticated attackers.

Recommendations: For phpBP versions 2.204 and earlier, consider disabling the banners add operation in index.php until a patch is available to prevent arbitrary PHP code injection. Restrict access to the upload/banners/ directory to minimize the risk of exploitation. Avoid using the image form parameter with multiple-extension filenames to upload files until the issue is resolved.