Lucene search

[email protected]CVE-2007-0764

HistoryFeb 06, 2007 - 2:28 a.m.

CVE-2007-0764

2007-02-0602:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

file upload

vulnerability

f3site 2.1

arbitrary php scripts

nvd

7.2 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.2%

JSON

Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php.

CPENameOperatorVersion
f3site:f3sitef3siteeq2.1

CPE	Name	Operator	Version
f3site:f3site	f3site	eq	2.1

References

osvdb.org/34669

exchange.xforce.ibmcloud.com/vulnerabilities/32189

www.exploit-db.com/exploits/3255

7.2 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.2%

JSON

Related for CVE-2007-0764

prion1 securityvulns1