4.9
CVE-2007-6479
- EPSS 1.57%
- Veröffentlicht 20.12.2007 20:46:00
- Zuletzt bearbeitet 16.06.2026 22:48:09
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginUnrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.57% | 0.722 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 6.8 | 4.9 |
AV:N/AC:M/Au:S/C:P/I:P/A:N
|
http://secunia.com/advisories/28154
http://www.securityfocus.com/bid/26940
https://exchange.xforce.ibmcloud.com/vulnerabilities/39148
https://www.exploit-db.com/exploits/4753