CVE-2007-2025

NameCVE-2007-2025
DescriptionUnrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1371-1
NVD severityhigh
Debian Bugs441390

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
phpwikisourceetch1.3.12p3-5etch1DSA-1371-1
phpwikisource(unstable)1.3.12p3-6.1441390

Search for package or bug name: Reporting problems