Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Hyperlink | Resource |
|---|---|
| http://www.securityfocus.com/archive/1/465489/100/0/threaded | mailing-list x_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2007/1400 | vdb-entry x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/465550/100/0/threaded | mailing-list x_refsource_BUGTRAQ |
| http://secunia.com/advisories/24888 | third-party-advisory x_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/914793 | third-party-advisory x_refsource_CERT-VN |
| http://www.debian.org/security/2007/dsa-1371 | vendor-advisory x_refsource_DEBIAN |
| http://secunia.com/advisories/26784 | third-party-advisory x_refsource_SECUNIA |
| http://www.gentoo.org/security/en/glsa/glsa-200705-16.xml | vendor-advisory x_refsource_GENTOO |
| http://www.securityfocus.com/archive/1/465514/100/0/threaded | mailing-list x_refsource_BUGTRAQ |
| http://www.nabble.com/Fwd%3A-Critical-phpwiki-c99shell-exploit-t3571197.html | mailing-list x_refsource_MLIST |
| http://secunia.com/advisories/25307 | third-party-advisory x_refsource_SECUNIA |
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| CWE ID | Type | Source |
|---|---|---|
| NVD-CWE-Other | Primary | nvd@nist.gov |
"Successful exploitation requires being logged in and that the webserver is configured to execute PHP scripts with such extensions. In the default configuration of PhpWiki, no registration or validation is necessary to log in."