CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php.

Product Status

Learn more

Information not provided

References 8 Total

Updated: 2024-08-07

This container includes required additional information provided by the CVE Program for this vulnerability.

References 8 Total

secunia.com: 26968
external site
third-party-advisoryx_transferred
securityfocus.com: 25747
external site
vdb-entryx_transferred
exchange.xforce.ibmcloud.com: simplephpblog-uploadimgcgi-file-upload(36785)
external site
vdb-entryx_transferred
http://www.securenetwork.it/ricerca/advisory/download/SN-2007-03.txt
external site
x_transferred
http://www.simplephpblog.com/comments.php?y=07&m=09&entry=entry070923-004446
external site
x_transferred
http://www.simplephpblog.com/index.php?m=09&y=07
external site
x_transferred
securityfocus.com: 20070925 Simple PHP Blog Multiple Vulnerabilities
external site
mailing-listx_transferred
securityfocus.com: 20070920 SimplePHPBlog Hacking
external site
mailing-listx_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 8 Total

CVE Program

References 8 Total