PT-2007-5698 · Phphq.Net · Phphq.Net Phuploader

Published

2007-08-25

Updated

2008-11-15

CVE-2007-4527

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phphq.Net phUploader version 1.2

Description The issue concerns an unrestricted file upload vulnerability in the phUploader.php file. This allows remote attackers to upload and execute arbitrary code. The exact vectors used for the attack are not specified.

Recommendations For version 1.2, consider restricting or disabling the file upload functionality in phUploader.php until a fix is available. As a temporary workaround, restrict access to the phUploader.php file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-4527

Affected Products

Phphq.Net Phuploader

PT-2007-5698 · Phphq.Net · Phphq.Net Phuploader

CVE-2007-4527

Related Identifiers

Affected Products

References · 4