Description

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.

Remediation

References

CVE-2007-3429

Related Vulnerabilities

Oracle Database Server Other Vulnerability (CVE-2006-1869)

WordPress Plugin Manage and respond to conversations with leads-HappyForms PHP Object Injection (1.0.0)

WordPress Plugin SAML SP Single Sign On-SSO login Unspecified Vulnerability (4.8.75)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43735)

WordPress Plugin Portfolio for Elementor, Image Gallery & Post Grid-PowerFolio Security Bypass (2.1.6)

Severity

Medium

Classification

CVE-2007-3429

Tags

Missing Update Known Vulnerabilities