Vulnerabilities > CVE-2007-1604 - Arbitrary File Upload vulnerability in W-Agora 4.2.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | W-Agora 4.2.1 Multiple Arbitrary File Upload Vulnerabilities. CVE-2007-1604. Webapps exploit for php platform |
id | EDB-ID:29763 |
last seen | 2016-02-03 |
modified | 2007-03-20 |
published | 2007-03-20 |
reporter | laurent gaffie |
source | https://www.exploit-db.com/download/29763/ |
title | W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities |