Vulnerability Details CVE-2007-3429
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.1%
CVSS Severity
CVSS v2 Score 6.8
References
- http://osvdb.org/45426
- http://www.g00ns-forum.net/showthread.php?t=9388
- http://www.securityfocus.com/bid/24609
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35022
- https://www.exploit-db.com/exploits/4099
- http://osvdb.org/45426
- http://www.g00ns-forum.net/showthread.php?t=9388
- http://www.securityfocus.com/bid/24609
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35022
- https://www.exploit-db.com/exploits/4099
Products affected by CVE-2007-3429
-
cpe:2.3:a:e107:e107:0.7
-
cpe:2.3:a:e107:e107:0.7.1
-
cpe:2.3:a:e107:e107:0.7.2
-
cpe:2.3:a:e107:e107:0.7.3
-
cpe:2.3:a:e107:e107:0.7.4
-
cpe:2.3:a:e107:e107:0.7.5
-
cpe:2.3:a:e107:e107:0.7.6
-
cpe:2.3:a:e107:e107:0.7.7
-
cpe:2.3:a:e107:e107:0.7.8