Description

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.

Remediation

References

CVE-2007-3429

Related Vulnerabilities

WordPress Plugin BulletProof Security Cross-Site Scripting (.50.9)

PHP Other Vulnerability (CVE-2007-1453)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5404)

WordPress Plugin Videos on Admin Dashboard Cross-Site Scripting (1.1.3)

WordPress Plugin Yasr-Yet Another Stars Rating Unspecified Vulnerability (1.3.2)

Severity

Medium

Classification

CVE-2007-3429

Tags

Missing Update Known Vulnerabilities