CVE-2007-5071

Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php.
Configurations

Configuration 1

cpe:2.3:a:alexander_palmo:simple_php_blog:*:*:*:*:*:*:*:*

Information

Published : 2007-09-24 11:17

Updated : 2018-10-15 09:40


NVD link : CVE-2007-5071

Mitre link : CVE-2007-5071

Products Affected
No products.
CWE