Vulnerability Description
Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cuyahoga | Cuyahoga | <= 1.0.0 |
References
- http://cuyahoga.svn.sourceforge.net/viewvc/cuyahoga?view=rev&revision=551Patch
- http://osvdb.org/32643
- http://secunia.com/advisories/23662PatchVendor Advisory
- http://www.cuyahoga-project.org/10/section.aspx/61Patch
- http://www.securityfocus.com/bid/21927
- http://cuyahoga.svn.sourceforge.net/viewvc/cuyahoga?view=rev&revision=551Patch
- http://osvdb.org/32643
- http://secunia.com/advisories/23662PatchVendor Advisory
- http://www.cuyahoga-project.org/10/section.aspx/61Patch
- http://www.securityfocus.com/bid/21927
FAQ
What is CVE-2007-0147?
CVE-2007-0147 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for...
How severe is CVE-2007-0147?
CVE-2007-0147 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0147?
Check the references section above for vendor advisories and patch information. Affected products include: Cuyahoga Cuyahoga.