Vulnerabilities > CVE-2010-0757 - Unspecified vulnerability in Wikyblog 1.7.3
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN wikyblog
exploit available
Summary
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | WikyBlog v1.7.3rc2 Multiple Vulnerabilities. CVE-2010-0754,CVE-2010-0755,CVE-2010-0756,CVE-2010-0757,CVE-2012-1913. Webapps exploit for php platform |
| file | exploits/php/webapps/11560.txt |
| id | EDB-ID:11560 |
| last seen | 2016-02-01 |
| modified | 2010-02-24 |
| platform | php |
| port | |
| published | 2010-02-24 |
| reporter | indoushka |
| source | https://www.exploit-db.com/download/11560/ |
| title | WikyBlog 1.7.3rc2 - Multiple Vulnerabilities |
| type | webapps |
References
- http://osvdb.org/62648
- http://osvdb.org/62648
- http://packetstormsecurity.org/1002-exploits/wikyblog-rfishellxss.txt
- http://packetstormsecurity.org/1002-exploits/wikyblog-rfishellxss.txt
- http://www.exploit-db.com/exploits/11560
- http://www.exploit-db.com/exploits/11560
- http://www.securityfocus.com/bid/38386
- http://www.securityfocus.com/bid/38386
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56517
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56517