ID CVE-2007-4182
Summary Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/.
References
Vulnerable Configurations
  • cpe:2.3:a:wikiwebweaver:wikiwebweaver:*:*:*:*:*:*:*:*
    cpe:2.3:a:wikiwebweaver:wikiwebweaver:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 15-10-2018 - 21:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 25164
bugtraq 20070801 WikiWebWeaver 1.1 beta Upload Shell Vulnerability
sreason 2972
xf wikiwebweaver-index-file-upload(35736)
Last major update 15-10-2018 - 21:33
Published 08-08-2007 - 01:17
Last modified 15-10-2018 - 21:33
Back to Top