Secunia

CVE Reference: CVE-2007-5156

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-5156

Description: Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.

CVE Status: Candidate

References:
XF: http://xforce.iss.net/xforce/xfdb/42425
XF: http://xforce.iss.net/xforce/xfdb/42733
XF: http://xforce.iss.net/xforce/xfdb/44455
SREASON: http://securityreason.com/securityalert/3182
SAID: Secunia Advisory: SA27123
SAID: Secunia Advisory: SA27174
MISC: http://downloads.securityfocus.com/vulnerabilities/exploits/30677.php
MISC: http://dev.fckeditor.net/ticket/1325
MISC: http://dev.fckeditor.net/changeset/973
MISC: http://www.waraxe.us/advisory-57.html
MILW0RM: http://www.milw0rm.com/exploits/5688
MILW0RM: http://www.milw0rm.com/exploits/5618
CONFIRM: http://sourceforge.net/forum/forum.php?forum_id=743930
CONFIRM: http://sourceforge.net/project/shownotes.php?release_id=546000
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/480830/100/0/threaded
BID: 29422
BID: 30677