Vulnerabilities > CVE-2010-0757 - Remote Input Validation vulnerability in Wikyblog 1.7.3

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
wikyblog
exploit available
NVD
Published: 2010-02-27
Updated: 2017-08-17

Summary

Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/. Per: http://cwe.mitre.org/data/definitions/434.html CWE-434: Unrestricted Upload of File with Dangerous Type

Vulnerable Configurations

Part Description Count
Application
Wikyblog
1

Exploit-Db

descriptionWikyBlog v1.7.3rc2 Multiple Vulnerabilities. CVE-2010-0754,CVE-2010-0755,CVE-2010-0756,CVE-2010-0757,CVE-2012-1913. Webapps exploit for php platform
fileexploits/php/webapps/11560.txt
idEDB-ID:11560
last seen2016-02-01
modified2010-02-24
platformphp
port
published2010-02-24
reporterindoushka
sourcehttps://www.exploit-db.com/download/11560/
titleWikyBlog 1.7.3rc2 - Multiple Vulnerabilities
typewebapps

References