CVE-2007-1549 - Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 allows remote attackers to uplo

CVE-2007-1549

Summary

Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 allows remote attackers to upload and execute arbitrary PHP scripts via an addImage action, which places scripts into the gallery/shelties/ directory.

References

http://securityreason.com/securityalert/2457
http://www.securityfocus.com/archive/1/463192/100/0/threaded
http://www.securityfocus.com/bid/23033
https://exchange.xforce.ibmcloud.com/vulnerabilities/33151

Vulnerable Configurations

cpe:2.3:a:phpx:phpx:*:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 16-10-2018 - 16:39)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	23033
bugtraq	20070319 phpx 3.5.15 multiples vulnerabilities
sreason	2457
xf	phpx-gallery-file-upload(33151)

Last major update

16-10-2018 - 16:39

Published

20-03-2007 - 22:19

Last modified

16-10-2018 - 16:39