CVE-2007-1639 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-1639
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-1639

Description: Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calendar or (2) file management module, or possibly unspecified other files.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/32995 SREASON http://securityreason.com/securityalert/2476 SAID Secunia Advisory: SA24509 Secunia Advisory: SA25748 OSVDB 35163 MISC http://www.nruns.de/security_advisory_phprojekt_privilege_escalation.php GENTOO http://security.gentoo.org/glsa/glsa-200706-07.xml CONFIRM http://www.phprojekt.com/index.php?name=News&file=article&sid=276 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/462785/100/100/threaded BID 22956

Return to the previous page.