CVE-2007-6479
published 2007-12-20CVE-2007-6479: Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote…
PriorityP432medium4.9CVSS 2.0
AVNACMAuSCPIPAN
EXPLOIT
EPSS
1.57%
72.3th percentile
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dokeos | dokeos | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/28154http://www.securityfocus.com/bid/26940https://exchange.xforce.ibmcloud.com/vulnerabilities/39148https://www.exploit-db.com/exploits/4753http://secunia.com/advisories/28154http://www.securityfocus.com/bid/26940https://exchange.xforce.ibmcloud.com/vulnerabilities/39148https://www.exploit-db.com/exploits/4753
2007-12-20
Published