6
CVE-2007-1255
- EPSS 0.87%
- Veröffentlicht 03.03.2007 20:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:14
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginUnrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Connectix ≫ Connectix Boards Version0.4
Connectix ≫ Connectix Boards Version0.4.1
Connectix ≫ Connectix Boards Version0.4.2
Connectix ≫ Connectix Boards Version0.4.3
Connectix ≫ Connectix Boards Version0.4.4
Connectix ≫ Connectix Boards Version0.5
Connectix ≫ Connectix Boards Version0.5.1
Connectix ≫ Connectix Boards Version0.5.2
Connectix ≫ Connectix Boards Version0.5.3
Connectix ≫ Connectix Boards Version0.5.4
Connectix ≫ Connectix Boards Version0.5.5
Connectix ≫ Connectix Boards Version0.6
Connectix ≫ Connectix Boards Version0.6.1
Connectix ≫ Connectix Boards Version0.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.87% | 0.539 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
http://secunia.com/advisories/24255
http://securityreason.com/securityalert/2364
http://www.securityfocus.com/archive/1/460947/100/0/threaded
https://www.exploit-db.com/exploits/3352
http://osvdb.org/33538