CVE-2007-5071
Published 2007-09-24
Priority P3 35, high, 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
3.02%
85.8th percentile
Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alexander_palmo | simple_php_blog | <= 0.5.0.1 | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/26968
http://www.securenetwork.it/ricerca/advisory/download/SN-2007-03.txt
http://www.securityfocus.com/archive/1/480092/100/0/threaded
http://www.securityfocus.com/archive/1/480569/100/0/threaded
http://www.securityfocus.com/bid/25747
http://www.simplephpblog.com/comments.php?y=07&m=09&entry=entry070923-004446
http://www.simplephpblog.com/index.php?m=09&y=07
https://exchange.xforce.ibmcloud.com/vulnerabilities/36785