Vulnerabilities > CVE-2007-1604 - Arbitrary File Upload vulnerability in W-Agora 4.2.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | W-Agora 4.2.1 Multiple Arbitrary File Upload Vulnerabilities. CVE-2007-1604. Webapps exploit for php platform |
| id | EDB-ID:29763 |
| last seen | 2016-02-03 |
| modified | 2007-03-20 |
| published | 2007-03-20 |
| reporter | laurent gaffie |
| source | https://www.exploit-db.com/download/29763/ |
| title | W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities |