Vulnerabilities > CVE-2007-5156

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

apache

fckeditor

sitex

exploit available

NVD

Published: 2007-10-01

Updated: 2018-10-15

Summary

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529. Per: http://cwe.mitre.org/data/definitions/184.html 'CWE-184: Incomplete Blacklist'

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Http Server *	1
Application	Fckeditor Fckeditor Fckeditor *	1
Application	Sitex Sitex Sitex CMS 0.7.3_Beta	1

Exploit-Db

description	La-Nai CMS. CVE-2007-5156. Webapps exploit for php platform
file	exploits/php/webapps/5618.txt
id	EDB-ID:5618
last seen	2016-01-31
modified	2008-05-14
platform	php
port
published	2008-05-14
reporter	EgiX
source	https://www.exploit-db.com/download/5618/
title	La-Nai CMS <= 1.2.16 - fckeditor Arbitrary File Upload Exploit
type	webapps

id EDB-ID:5688

Vulnerabilities > CVE-2007-5156 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2007-5156"}]}

Summary

Vulnerable Configurations

Exploit-Db

References

Vulnerabilities > CVE-2007-5156