ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
References
Link | Resource |
---|---|
http://e107.org/comment.php?comment.news.672 | Broken Link Patch |
http://secunia.com/advisories/13657 | Broken Link Vendor Advisory |
http://securitytracker.com/id?1012657 | Broken Link Exploit Third Party Advisory VDB Entry |
http://www.osvdb.org/12586 | Broken Link |
http://www.securityfocus.com/bid/12111 | Broken Link Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18670 | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/704 | Third Party Advisory VDB Entry |
History
26 Jan 2024, 19:10
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/12111 - Broken Link, Third Party Advisory, VDB Entry | |
References | (MISC) http://e107.org/comment.php?comment.news.672 - Broken Link, Patch | |
References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/704 - Third Party Advisory, VDB Entry | |
References | (OSVDB) http://www.osvdb.org/12586 - Broken Link | |
References | (SECTRACK) http://securitytracker.com/id?1012657 - Broken Link, Exploit, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/13657 - Broken Link, Vendor Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/18670 - Third Party Advisory, VDB Entry | |
CVSS | v2 : v3 : | v2 : 7.5 v3 : unknown |
CWE | CWE-434 | |
CPE | cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:* cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:* cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:* cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:* cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:* cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:* cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:* cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:* cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:* cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:* cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:* | cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:* |
Information
Published : 2004-12-31 05:00
Updated : 2024-02-28 10:42
NVD link : CVE-2004-2262
Mitre link : CVE-2004-2262
CVE.ORG link : CVE-2004-2262
Products Affected
e107
- e107
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type