CVE-2007-2025 - Unspecified vulnerability in PHPwiki 1.3.11P1

047910
CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, low complexity, phpwiki, nessus

Summary

Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.

Vulnerable Configurations

Part         Description   Count
Application  Phpwiki       1

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1371.NASL
    description: Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CVE-2007-2024: It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads.
      - CVE-2007-2025: It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads.
      - CVE-2007-3193: If the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, phpWiki might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26032
    published: 2007-09-14
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/26032
    title: Debian DSA-1371-1 : phpwiki - several vulnerabilities
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200705-16.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200705-16 (PhpWiki: Remote execution of arbitrary code). Harold Hallikainen has reported that the Upload page fails to properly check the extension of a file.
      Impact: A remote attacker could upload a specially crafted PHP file to the vulnerable server, resulting in the execution of arbitrary PHP code with the privileges of the user running PhpWiki.
      Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25262
    published: 2007-05-20
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25262
    title: GLSA-200705-16 : PhpWiki: Remote execution of arbitrary code