Vulnerabilities > CVE-2007-2024 - Unspecified vulnerability in PHPwiki 1.3.X
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension. "Successful exploitation requires being logged in and that the webserver is configured to execute PHP scripts with such extensions. In the default configuration of PhpWiki, no registration or validation is necessary to log in."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1371.NASL description Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2024 It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. - CVE-2007-2025 It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. - CVE-2007-3193 If the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, phpWiki might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations. last seen 2020-06-01 modified 2020-06-02 plugin id 26032 published 2007-09-14 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/26032 title Debian DSA-1371-1 : phpwiki - several vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200705-16.NASL description The remote host is affected by the vulnerability described in GLSA-200705-16 (PhpWiki: Remote execution of arbitrary code) Harold Hallikainen has reported that the Upload page fails to properly check the extension of a file. Impact : A remote attacker could upload a specially crafted PHP file to the vulnerable server, resulting in the execution of arbitrary PHP code with the privileges of the user running PhpWiki. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 25262 published 2007-05-20 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25262 title GLSA-200705-16 : PhpWiki: Remote execution of arbitrary code
References
- http://secunia.com/advisories/24888
- http://secunia.com/advisories/25307
- http://secunia.com/advisories/26784
- http://www.debian.org/security/2007/dsa-1371
- http://www.gentoo.org/security/en/glsa/glsa-200705-16.xml
- http://www.kb.cert.org/vuls/id/914793
- http://www.nabble.com/Fwd%3A-Critical-phpwiki-c99shell-exploit-t3571197.html
- http://www.securityfocus.com/archive/1/465489/100/0/threaded
- http://www.securityfocus.com/archive/1/465514/100/0/threaded
- http://www.securityfocus.com/archive/1/465550/100/0/threaded
- http://www.vupen.com/english/advisories/2007/1400