CVE-2007-2025

NameCVE-2007-2025
DescriptionUnrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1371-1
NVD severityhigh (attack range: remote)
Debian Bugs441390

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
phpwikisource(unstable)1.3.12p3-6.1high441390
phpwikisourceetch1.3.12p3-5etch1highDSA-1371-1

Search for package or bug name: Reporting problems