Description

Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required.

Remediation

References

CVE-2010-0996

Related Vulnerabilities

Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-1027)

WordPress Plugin WooSidebars Cross-Site Scripting (1.4.1)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5340)

PostgreSQL CVE-2017-7548 Vulnerability (CVE-2017-7548)

Zope Web Application Server Other Vulnerability (CVE-2006-3458)

Severity

Medium

Classification

CVE-2010-0996

Tags

Missing Update Known Vulnerabilities