Vulnerabilities > CVE-2007-0764 - File-Upload vulnerability in F3Site 2.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | F3Site <= 2.1 Remote Code Execution Exploit. CVE-2007-0763,CVE-2007-0764. Webapps exploit for php platform |
file | exploits/php/webapps/3255.php |
id | EDB-ID:3255 |
last seen | 2016-01-31 |
modified | 2007-02-02 |
platform | php |
port | |
published | 2007-02-02 |
reporter | Kacper |
source | https://www.exploit-db.com/download/3255/ |
title | F3Site <= 2.1 - Remote Code Execution Exploit |
type | webapps |