QwikSec

Security Database

CVE

CWE

Training

CVE-2007-5071

Published: Sep 24, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

simplephpblog-uploadimgcgi-file-upload(36785)

vdb-entry

x_refsource_XF

http://www.securenetwork.it/ricerca/advisory/download/SN-2007-03.txt

x_refsource_MISC

http://www.simplephpblog.com/comments.php?y=07&m=09&entry=entry070923-004446

x_refsource_CONFIRM

http://www.simplephpblog.com/index.php?m=09&y=07

x_refsource_CONFIRM

20070925 Simple PHP Blog Multiple Vulnerabilities

mailing-list

x_refsource_BUGTRAQ

20070920 SimplePHPBlog Hacking

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.