PT-2007-5377 · Wikiwebweaver · Wikiwebweaver

Published

2007-08-08

Updated

2018-10-15

CVE-2007-4182

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions WikiWebWeaver versions 1.1 and earlier

Description The issue allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension, such as .gif.php, which is accessible from data/documents/.

Recommendations For WikiWebWeaver versions 1.1 and earlier, consider restricting or disabling the file upload functionality in index.php until a proper fix is available, and ensure that only authorized users can access the data/documents/ directory.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-4182

Affected Products

Wikiwebweaver

PT-2007-5377 · Wikiwebweaver · Wikiwebweaver

CVE-2007-4182

Related Identifiers

Affected Products

References · 5