Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2007-5156

Опубликовано: 01 окт. 2007
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 7.5

Описание

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.

РелизСтатусПримечание
dapper

DNE

devel

released

0.9.8.4-1.1
edgy

DNE

feisty

ignored

end of life, was needed
gutsy

released

0.9.8.4-1.1
hardy

released

0.9.8.4-1.1
upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 98%
0.48811
Средний

7.5 High

CVSS2

Связанные уязвимости

nvd логотип

CVE-2007-5156

nvd
больше 18 лет назад

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.

debian логотип

CVE-2007-5156

debian
больше 18 лет назад

Incomplete blacklist vulnerability in editor/filemanager/upload/php/up ...

github логотип

GHSA-p57r-mjxp-9www

github
почти 4 года назад

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.

EPSS

Процентиль: 98%
0.48811
Средний

7.5 High

CVSS2