Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-2025

Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.

Related bugs and status

CVE-2007-2025 (Candidate) is related to these bugs:

Bug #138614: Please sync phpwiki (universe) from Debian unstable (main)

Summary				In	Importance	Status
	138614	Please sync phpwiki (universe) from Debian unstable (main)		phpwiki (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [phpwiki-talk] 2007040...
MISC: https://sourceforge.ne...
GENTOO: GLSA-200705-16
SECUNIA: 25307
DEBIAN: DSA-1371
SECUNIA: 26784