ID CVE-2010-0996
Summary Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required. Weakness classification per http://cwe.mitre.org/data/definitions/434.html: CWE-434, Unrestricted Upload of File with Dangerous Type.
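The record above describes the CWE-434 class of bug: an upload handler that decides whether a file is safe from its client-supplied name, so that a name carrying more than one extension (here .php.filetypesphp) reaches the web root where the PHP handler may execute it. The block below is an added example, not e107's code and not the advisory's proof of concept. It shows the generic weak check (an unanchored search for an allowed extension), a stricter validator that requires exactly one allowlisted extension and matching leading bytes, and a helper for sweeping an existing upload directory for names an Apache AddHandler-style configuration would execute. The allowlist, the signature table, the sample file bodies and every sample filename except the one quoted from the summary are constructed for the example; the weak check models the bug class, not the exact e107 logic, which depended on a missing filetypes file that this example does not reproduce.

```python
"""
Added example for CVE-2010-0996 / CWE-434 (not e107 code, not the advisory's
proof of concept).  Allowlist, magic-byte table, sample names and bodies are
constructed for this example.
"""
import os
import re
import secrets
from typing import Tuple

ALLOWED_IMAGE_EXT = {"jpg", "jpeg", "png", "gif"}

# Leading bytes for each allowed type (constructed table; which signatures a
# real product accepts is an assumption of this example).
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Extensions commonly mapped to the PHP handler.  Under Apache's AddHandler
# semantics any of these anywhere after the first dot ('x.php.unknown') is
# enough for the file to be executed, which is why multi-extension names matter.
EXECUTABLE_EXT = {"php", "php3", "php4", "php5", "phtml", "phar"}


def weak_is_allowed(filename: str) -> bool:
    """Generic CWE-434 mistake: an unanchored search for an allowed extension.

    'shell.php.jpg' and 'avatar.jpg.php' both pass.  This models the bug
    class, not the exact pre-0.7.20 e107 logic.
    """
    pattern = r"\.(" + "|".join(re.escape(e) for e in ALLOWED_IMAGE_EXT) + r")"
    return re.search(pattern, filename, re.IGNORECASE) is not None


def has_executable_extension(filename: str) -> bool:
    """True when any dot-separated segment after the first is PHP-handled.

    Useful for sweeping an existing upload directory: '.php.filetypesphp'
    (the name quoted in the summary) and 'shell.php.jpg' are flagged,
    'photo.jpg' is not.
    """
    segments = os.path.basename(filename).lower().split(".")[1:]
    return any(seg in EXECUTABLE_EXT for seg in segments)


SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def strict_validate(filename: str, head: bytes) -> Tuple[bool, str]:
    """Hardened check: no path separators, exactly one extension, from the
    allowlist, and leading bytes that match the claimed type."""
    if "/" in filename or "\\" in filename or "\x00" in filename:
        return False, "path separator or NUL in name"
    parts = filename.split(".")
    if len(parts) != 2 or not parts[0] or not parts[1]:
        return False, "expected exactly one extension"
    stem, ext = parts[0], parts[1].lower()
    if not SAFE_STEM.match(stem):
        return False, "unsafe characters in name"
    if ext not in ALLOWED_IMAGE_EXT:
        return False, f".{ext} not in allowlist"
    if not any(head.startswith(sig) for sig in MAGIC[ext]):
        return False, "content does not match claimed type"
    return True, "ok"


def stored_name(ext: str) -> str:
    """Server-chosen on-disk name: random stem plus the validated extension.
    The client's filename is never used on disk."""
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed uploads: (client filename, first bytes of the body).
    samples = [
        ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
        ("shell.php.jpg", b"<?php system($_GET['c']);"),
        ("avatar.jpg.php", b"<?php phpinfo();"),
        (".php.filetypesphp", b"<?php echo 1;"),
        ("logo.png", b"<?php echo 'not a png';"),
    ]
    for name, head in samples:
        ok, why = strict_validate(name, head)
        print(f"{name:20} weak={weak_is_allowed(name)!s:5} "
              f"exec_ext={has_executable_extension(name)!s:5} strict={ok} ({why})")
```

The summary's own sample name carries no image extension, so even the weak check here rejects it; the point of including it is that the strict validator and the directory sweep both reject it for structural reasons (more than one extension, a PHP-handled segment) that do not depend on knowing the attacker's trick. Storing under a server-generated name and serving the upload directory with script execution disabled are the usual complements to the validator.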
References
Vulnerable Configurations
  • cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:-:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.7.19:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.547:beta:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.548:beta:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.549:beta:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.551:beta:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.552:beta:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.553:beta:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.554:beta:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.555:beta:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:5.3:beta:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:5.3:beta2:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:5.04:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:5.4:beta1:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:5.4:beta2:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:5.4:beta3:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:5.4:beta4:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:5.4:beta5:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:5.4:beta6:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:5.05:*:*:*:*:*:*:*
  • cpe:2.3:a:e107:e107:5.21:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 10-10-2018 - 19:55)
Impact: 6.4 (CVSS v2 impact subscore, computed from the vector below)
Exploitability: 6.8 (CVSS v2 exploitability subscore, computed from the vector below)
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK  Complexity: MEDIUM  Authentication: SINGLE
Impact
Confidentiality: PARTIAL  Integrity: PARTIAL  Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
refmap via4
bid 39540
bugtraq 20100419 Secunia Research: e107 Avatar/Photograph Image File Upload Vulnerability
confirm http://e107.org/comment.php?comment.news.864
secunia 39013
vupen ADV-2010-0919
xf e107-phpfiletypesphp-file-upload(57932)
Last major update 10-10-2018 - 19:55
Published 20-04-2010 - 16:30
Last modified 10-10-2018 - 19:55