Description

Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required.

Remediation

References

CVE-2010-0996

Related Vulnerabilities

Oracle Database Server CVE-2012-0527 Vulnerability (CVE-2012-0527)

WordPress Plugin Crisp Live Chat Cross-Site Request Forgery (0.31)

WordPress Plugin Log Emails Information Disclosure (1.0.6)

WordPress Plugin WP Statistics Cross-Site Scripting (8.3)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0050)

Severity

Medium

Classification

CVE-2010-0996

Tags

Missing Update Known Vulnerabilities