Vulnerability CVE-2007-2024

Vulnerability Name:

CVE-2007-2024 (CCN-34146)

Assigned:

2007-04-08

Published:

2007-04-08

Updated:

2018-10-16

Summary:

Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.
"Successful exploitation requires being logged in and that the webserver is configured to execute PHP scripts with such extensions. In the default configuration of PhpWiki, no registration or validation is necessary to log in."

CVSS v3 Severity:

4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Thu Apr 12 2007 - 08:14:14 CDT
Critical phpwiki c99shell exploit

Source: MITRE
Type: CNA
CVE-2007-2024

Source: CCN
Type: SA24888
PhpWiki "UpLoad" PHP Script Upload Vulnerability

Source: SECUNIA
Type: Vendor Advisory
24888

Source: SECUNIA
Type: UNKNOWN
25307

Source: SECUNIA
Type: UNKNOWN
26784

Source: CCN
Type: SourceForge.net
PhpWiki

Source: DEBIAN
Type: UNKNOWN
DSA-1371

Source: DEBIAN
Type: DSA-1371
phpwiki -- several vulnerabilities

Source: CCN
Type: GLSA-200705-16
PhpWiki: Remote execution of arbitrary code

Source: GENTOO
Type: UNKNOWN
GLSA-200705-16

Source: CCN
Type: US-CERT VU#914793
PhpWiki fails to properly restrict uploaded files

Source: CERT-VN
Type: US Government Resource
VU#914793

Source: MLIST
Type: UNKNOWN
[phpwiki-talk] 20070413 Fwd: Critical phpwiki c99shell exploit

Source: CCN
Type: OSVDB ID: 34960
PhpWiki UpLoad.php Unrestricted File Upload

Source: BUGTRAQ
Type: UNKNOWN
20070412 Critical phpwiki c99shell exploit

Source: BUGTRAQ
Type: UNKNOWN
20070412 Re: Critical phpwiki c99shell exploit

Source: BUGTRAQ
Type: UNKNOWN
20070412 RE: Critical phpwiki c99shell exploit

Source: VUPEN
Type: UNKNOWN
ADV-2007-1400

Source: XF
Type: UNKNOWN
phpwiki-upload-file-upload(34146)

Vulnerable Configuration:

Configuration 1:

cpe:/a:phpwiki:phpwiki:1.3.x:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:20426	P	DSA-1371-1 phpwiki - several vulnerabilities	2014-06-23
oval:org.debian:def:1371	V	several vulnerabilities	2007-09-11

BACK