PT-2007-3369 · Apache+1 · Apache+1

Harold Hallikainen

Published

2007-04-13

Updated

2008-09-05

CVE-2007-2025

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PhpWiki version 1.3.11p1

Description The issue concerns an unrestricted file upload vulnerability in the UpLoad feature, specifically in the lib/plugin/UpLoad.php file. This allows remote attackers to upload arbitrary PHP files, potentially by using a double extension, which can be interpreted by Apache as a valid PHP file.

Recommendations For PhpWiki version 1.3.11p1, consider restricting or disabling the UpLoad feature in lib/plugin/UpLoad.php until a proper fix is available to prevent the upload of arbitrary PHP files.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2025

DSA-1371-1

Affected Products

Apache

Phpwiki

PT-2007-3369 · Apache+1 · Apache+1

CVE-2007-2025

Related Identifiers

Affected Products

References · 7