Description

Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required.

Remediation

References

CVE-2010-0996

Related Vulnerabilities

Atlassian Jira Incorrect Default Permissions Vulnerability (CVE-2019-20106)

WordPress Plugin Brute Force Login Protection Unspecified Vulnerability (1.5)

Dolibarr Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-3991)

Zenphoto Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-5593)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3810)

Severity

Medium

Classification

CVE-2010-0996

Tags

Missing Update Known Vulnerabilities