CVE-2007-5071 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2007-5071?

CVE-2007-5071 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-5071?

Check the references section above for vendor advisories and patch information. Affected products include: Alexander Palmo Simple Php Blog.

Vulnerability Description

Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Alexander Palmo	Simple Php Blog	<= 0.5.0.1

Related Weaknesses (CWE)

CWE-16

References

FAQ

What is CVE-2007-5071?

CVE-2007-5071 is a vulnerability with a CVSS score of 7.5 (HIGH). Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename end...

How severe is CVE-2007-5071?

CVE-2007-5071 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-5071?

Check the references section above for vendor advisories and patch information. Affected products include: Alexander Palmo Simple Php Blog.