CVE-2007-5156

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2007-5156

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2007-5156.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2007-5156

Withdrawn

2024-06-30T15:57:38.278005Z

Published

2007-10-01T05:17:00Z

Modified

2024-06-04T04:00:19Z

Summary

[none]

Details

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.

References

Affected packages

Debian:10 / moin

Package

Name: moin
Purl: pkg:deb/debian/moin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.8-4.1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2007-5156.json"