Back to search
CVE-2007-6479
Published: Dec 20, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
26940
vdb-entry
x_refsource_BID
dokeos-profile-file-upload(39148)
vdb-entry
x_refsource_XF
28154
third-party-advisory
x_refsource_SECUNIA
4753
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now