CVE-2007-2025
Published: 13 April 2007
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
Priority
Status
Package | Release | Status |
---|---|---|
phpwiki Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(1.3.12p3-6.1)
|
|
hardy |
Released
(1.3.12p3-6.1)
|
|
intrepid |
Released
(1.3.12p3-6.1)
|
|
jaunty |
Released
(1.3.12p3-6.1)
|
|
karmic |
Released
(1.3.12p3-6.1)
|
|
upstream |
Needs triage
|