Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-09-24T23:00:00
Updated: 2018-10-15T20:57:01
Reserved: 2007-09-24T00:00:00
Link: CVE-2007-5071
JSON object: View
NVD Information
Status : Modified
Published: 2007-09-24T23:17:00.000
Modified: 2018-10-15T21:40:14.910
Link: CVE-2007-5071
JSON object: View
Redhat Information
No data.
CWE