Vulnerabilities > CVE-2007-0123 - File-Upload vulnerability in Uber Uploader Uber Uploader 4.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
uber-uploader
Summary
Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |