CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-6479

Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.028

EPSS Ranking 85.5%

CVSS Severity

CVSS v2 Score 4.9

References

http://secunia.com/advisories/28154
http://www.securityfocus.com/bid/26940
https://exchange.xforce.ibmcloud.com/vulnerabilities/39148
https://www.exploit-db.com/exploits/4753
http://secunia.com/advisories/28154
http://www.securityfocus.com/bid/26940
https://exchange.xforce.ibmcloud.com/vulnerabilities/39148
https://www.exploit-db.com/exploits/4753

Products affected by CVE-2007-6479

Dokeos » Dokeos » Version: 1.8.4

cpe:2.3:a:dokeos:dokeos:1.8.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-6479

Products

Pricing

Contact Us