Vulnerability Description
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| E107 | E107 | 0.7 |
References
- http://osvdb.org/45426
- http://www.g00ns-forum.net/showthread.php?t=9388
- http://www.securityfocus.com/bid/24609
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35022
- https://www.exploit-db.com/exploits/4099
- http://osvdb.org/45426
- http://www.g00ns-forum.net/showthread.php?t=9388
- http://www.securityfocus.com/bid/24609
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35022
- https://www.exploit-db.com/exploits/4099
FAQ
What is CVE-2007-3429?
CVE-2007-3429 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with ...
How severe is CVE-2007-3429?
CVE-2007-3429 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3429?
Check the references section above for vendor advisories and patch information. Affected products include: E107 E107.