CVE-2007-2024
Published: 2007-04-13
Priority: P2 · 74 · CVSS 2.0: 6.8 (medium)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
In the wild (VulnCheck KEV): Exploited in the wild
EPSS: 3.28% (86.9th percentile)
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpwiki | phpwiki | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vulncheck | — | 6.8 | MEDIUM | — |
GHSA
GHSA-f2wc-3mgf-f3vx (ghsa_unreviewed · 2022-05-01) · CVE-2007-2024 [MEDIUM]
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.
VulnCheck
phpwiki phpwiki Unrestricted Upload of File with Dangerous Type (vulncheck · 2007 · CVSS 6.8) · CVE-2007-2024 [MEDIUM]
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.
Affected: phpwiki phpwiki
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.kb.cert.org/vuls/id/914793
Suricata (rule references CVE-2007-0015)
ET WEB_CLIENT Apple Quicktime RTSP Overflow (2) (suricata · 2010-07-30)
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Apple Quicktime RTSP Overflow (2)"; flow:established,to_client; file.data; content:"|27|rtsp|3a|//"; nocase; isdataat:400,relative; content:!"|0a|"; within:400; content:!"|27|"; within:400; reference:cve,2007-0015; reference:bugtraq,21829; classtype:attempted-admin; sid:2003327; rev:11; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2010_07_30, cve CVE_2007_0015, deployment Perimeter, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_04_11;)
Suricata (rule references CVE-2007-3175)
ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay ASCII (suricata · 2010-07-30)
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay ASCII"; flow:established,to_server; http.uri; content:"/DocPay.w2b?"; nocase; content:"listDocPay="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,2007-3175; reference:url,xforce.iss.net/xforce/xfdb/34593; classtype:web-application-attack; sid:2005190; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2024_01_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access,
Suricata (rule references CVE-2007-0015)
ET WEB_CLIENT Apple Quicktime RTSP Overflow (1) (suricata · 2010-07-30)
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Apple Quicktime RTSP Overflow (1)"; flow:established,to_client; file.data; content:"|22|rtsp|3a|//"; fast_pattern; nocase; isdataat:400,relative; content:!"|0a|"; within:400; content:!"|22|"; within:400; reference:cve,2007-0015; reference:bugtraq,21829; classtype:attempted-admin; sid:2003326; rev:11; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2010_07_30, cve CVE_2007_0015, deployment Perimeter, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_04_11;)
No public exploits indexed.
No writeups or analysis indexed.
References
- http://secunia.com/advisories/24888
- http://secunia.com/advisories/25307
- http://secunia.com/advisories/26784
- http://www.debian.org/security/2007/dsa-1371
- http://www.gentoo.org/security/en/glsa/glsa-200705-16.xml
- http://www.kb.cert.org/vuls/id/914793
- http://www.nabble.com/Fwd%3A-Critical-phpwiki-c99shell-exploit-t3571197.html
- http://www.securityfocus.com/archive/1/465489/100/0/threaded
- http://www.securityfocus.com/archive/1/465514/100/0/threaded
- http://www.securityfocus.com/archive/1/465550/100/0/threaded
- http://www.vupen.com/english/advisories/2007/1400