NVD

Id
53788  
Name
CVE-2007-1604  
Description
Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2007-03-22  
Modified Date
2008-11-13  
Seq
2007-1604  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
272634 53788 CVE-2007-1604 2462  View
272635 53788 CVE-2007-1604 20070320 w-agora [multiples file upload,xss,full path disclosure,error sql]  View
272636 53788 CVE-2007-1604 23055  View
272637 53788 CVE-2007-1604 wagora-browseavatar-file-upload(33173)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
56596 JVNDB-2007-005288 Web-Agora における任意のコードを実行される脆弱性 w-Agora (Web-Agora) は、無制限にファイルをアップロードする不備があるため、任意の PHP コードをアップロードされる、および実行される脆弱性が存在します。 CVE-2007-1604 24959 CVE-2007-1604 53788 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005288.html 2007-03-22 2012-12-20 View