Lucene search

MitreCVE-2007-1235

HistoryMar 03, 2007 - 7:19 p.m.

CVE-2007-1235

2007-03-0319:19:00

CWE-20

mitre

web.nvd.nist.gov

vulnerability

file upload

sitex

remote attackers

php code

double extension

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

0.007

Percentile

80.9%

JSON

Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file.

Affected configurations

Nvd

Node

bj_sintaysitexMatch0.7.3

VendorProductVersionCPE
bj_sintaysitex0.7.3cpe:2.3:a:bj_sintay:sitex:0.7.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bj_sintay	sitex	0.7.3	cpe:2.3:a:bj_sintay:sitex:0.7.3:::::::*

References

osvdb.org/33157

securityreason.com/securityalert/2373

www.securityfocus.com/archive/1/461305/100/0/threaded

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

0.007

Percentile

80.9%

JSON

Related for CVE-2007-1235