Description

Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required.

Remediation

References

CVE-2010-0996

Related Vulnerabilities

WordPress Plugin Travelpayouts:All Travel Brands in One Place Cross-Site Request Forgery (1.0.16)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4605)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.14)

WordPress Plugin Portfolio Slideshow Cross-Site Scripting (1.13.0)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall SQL Injection (3.9.0)

Severity

Medium

Classification

CVE-2010-0996

Tags

Missing Update Known Vulnerabilities