CVE-2007-3429

EPSS 2.55%
Published 27.06.2007 00:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

E107 ≫ E107 Version0.7

E107 ≫ E107 Version0.7.1

E107 ≫ E107 Version0.7.2

E107 ≫ E107 Version0.7.3

E107 ≫ E107 Version0.7.4

E107 ≫ E107 Version0.7.5

E107 ≫ E107 Version0.7.6

E107 ≫ E107 Version0.7.7

E107 ≫ E107 Version0.7.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.55%	0.849

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://osvdb.org/45426

http://www.g00ns-forum.net/showthread.php?t=9388

http://www.securityfocus.com/bid/24609

https://exchange.xforce.ibmcloud.com/vulnerabilities/35022

https://www.exploit-db.com/exploits/4099

https://nvd.nist.gov/vuln/detail/CVE-2007-3429

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3429

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3429

EUVD