SB2007040801 - Arbitrary file upload in phpWiki

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2007040801

SB2007040801 - Arbitrary file upload in phpWiki

Published: April 8, 2007 Updated: December 16, 2016

Security Bulletin ID SB2007040801
Severity
Critical
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Unrestricted file upload (CVE-ID: CVE-2007-2025)

The vulnerability allows a remote attacker to execute arbitrary OS commands on vulnerable system.

The vulnerability exists due to insufficient sanitization of filename extension in lib/plugin/UpLoad.php when uploading files via UpLoad feature. A remote attacker can use php3 extension to bypass implemented protection mechanism, upload and execute malicious PHP file on vulnerable system.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary OS commands vulnerable system with privileges of the web server account.

Note: this vulnerability is being actively exploited.


2) Unrestricted file upload (CVE-ID: CVE-2007-2024)

The vulnerability allows a remote attacker to execute arbitrary OS commands on vulnerable system.

The vulnerability exists due to insufficient sanitization of filename extension in lib/plugin/UpLoad.php when uploading files via UpLoad feature. A remote attacker can use php3, php4, or php5 extension to bypass implemented protection mechanism, upload and execute malicious PHP file on vulnerable system.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary OS commands vulnerable system with privileges of the web server account.

Note: this vulnerability is being actively exploited.


Remediation

Install update from vendor's website.

References