ID CVE-2007-0972Type cveReporter NVDModified 2017-10-18T21:30:06
Description
Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. NOTE: this issue might be related to CVE-2006-4875.
{"id": "CVE-2007-0972", "bulletinFamily": "NVD", "title": "CVE-2007-0972", "description": "Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. NOTE: this issue might be related to CVE-2006-4875.", "published": "2007-02-15T20:28:00", "modified": "2017-10-18T21:30:06", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0972", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/22560", "http://www.acid-root.new.fr/advisories/12070214.txt", "http://mgsdl.free.fr/advisories/12070214.txt", "https://www.exploit-db.com/exploits/3311", "https://exchange.xforce.ibmcloud.com/vulnerabilities/32517", "http://www.securityfocus.com/archive/1/archive/1/460100/100/0/threaded", "http://www.securityfocus.com/archive/1/archive/1/460076/100/0/threaded"], "cvelist": ["CVE-2007-0972"], "type": "cve", "lastseen": "2017-10-19T11:12:45", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:jupiter_cms:jupiter_cms:1.1.5"], "cvelist": ["CVE-2007-0972"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. NOTE: this issue might be related to CVE-2006-4875.", "edition": 1, "enchantments": {}, "hash": "973e71a338c8d14b42a36e6ebfe772dfc05a23934886618bc301260e0301d053", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "c5df64e49b5fd9dbf25a923c2bede8f3", "key": "description"}, {"hash": "c6719ffb8f44bcc12130fd9ba28a3cc3", "key": "modified"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "9f6390c060a30278119c922bd6719319", "key": "cvelist"}, {"hash": "903a8ac9b5a1c9e72ed4db9c451b68bc", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "42d748a600077a889fa3d9e6701b6bf2", "key": "published"}, {"hash": "d53411129357df9450bb6688001410f7", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "217635fd5ab514d040da2223e8ff4776", "key": "href"}, {"hash": "8401ca267e86e6d25ab4f1df9be21e11", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0972", "id": "CVE-2007-0972", "lastseen": "2016-09-03T08:27:52", "modified": "2011-03-07T21:51:03", "objectVersion": "1.2", "published": "2007-02-15T20:28:00", "references": ["http://www.securityfocus.com/bid/22560", "http://www.acid-root.new.fr/advisories/12070214.txt", "http://mgsdl.free.fr/advisories/12070214.txt", "http://xforce.iss.net/xforce/xfdb/32517", "http://milw0rm.com/exploits/3311", "http://www.securityfocus.com/archive/1/archive/1/460100/100/0/threaded", "http://www.securityfocus.com/archive/1/archive/1/460076/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-0972", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T08:27:52"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:jupiter_cms:jupiter_cms:1.1.5"], "cvelist": ["CVE-2007-0972"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. NOTE: this issue might be related to CVE-2006-4875.", "edition": 2, "enchantments": {}, "hash": "92841101c72fc62e09651e55487208dcec56522f4f114285490f8fa42a8957b3", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "c5df64e49b5fd9dbf25a923c2bede8f3", "key": "description"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "9f6390c060a30278119c922bd6719319", "key": "cvelist"}, {"hash": "903a8ac9b5a1c9e72ed4db9c451b68bc", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "42d748a600077a889fa3d9e6701b6bf2", "key": "published"}, {"hash": "d53411129357df9450bb6688001410f7", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "217635fd5ab514d040da2223e8ff4776", "key": "href"}, {"hash": "5dfd5746d0c2b8fcff2175cd54a890a0", "key": "references"}, {"hash": "5d00c9a8c19a6ee9802667fc5a64e66f", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0972", "id": "CVE-2007-0972", "lastseen": "2017-07-29T11:21:53", "modified": "2017-07-28T21:30:32", "objectVersion": "1.3", "published": "2007-02-15T20:28:00", "references": ["http://www.securityfocus.com/bid/22560", "http://www.acid-root.new.fr/advisories/12070214.txt", "http://mgsdl.free.fr/advisories/12070214.txt", "http://milw0rm.com/exploits/3311", "https://exchange.xforce.ibmcloud.com/vulnerabilities/32517", "http://www.securityfocus.com/archive/1/archive/1/460100/100/0/threaded", "http://www.securityfocus.com/archive/1/archive/1/460076/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-0972", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-07-29T11:21:53"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "903a8ac9b5a1c9e72ed4db9c451b68bc"}, {"key": "cvelist", "hash": "9f6390c060a30278119c922bd6719319"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "c5df64e49b5fd9dbf25a923c2bede8f3"}, {"key": "href", "hash": "217635fd5ab514d040da2223e8ff4776"}, {"key": "modified", "hash": "e5c0e8ee7df15aabed515a3139796f16"}, {"key": "published", "hash": "42d748a600077a889fa3d9e6701b6bf2"}, {"key": "references", "hash": "6ade47ef73f424a19fb9ca219a60d065"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "d53411129357df9450bb6688001410f7"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "b4ae349deb7ee51fa33d5c78a534c097d7ac38706eb50c5f97718178f7d0befd", "viewCount": 0, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:jupiter_cms:jupiter_cms:1.1.5"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"osvdb": [{"id": "OSVDB:33728", "type": "osvdb", "title": "Jupiter CMS modules/emoticons.php Unrestricted File Upload", "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 33730](https://vulners.com/osvdb/OSVDB:33730)\n[Related OSVDB ID: 33727](https://vulners.com/osvdb/OSVDB:33727)\n[Related OSVDB ID: 33729](https://vulners.com/osvdb/OSVDB:33729)\n[Related OSVDB ID: 33731](https://vulners.com/osvdb/OSVDB:33731)\nOther Advisory URL: http://mgsdl.free.fr/advisories/12070214.txt\nOther Advisory URL: http://www.acid-root.new.fr/advisories/12070214.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0238.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0228.html\nISS X-Force ID: 32517\nGeneric Exploit URL: http://milw0rm.com/exploits/3311\n[CVE-2007-0972](https://vulners.com/cve/CVE-2007-0972)\nBugtraq ID: 22560\n", "published": "2007-02-14T02:51:48", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:33728", "cvelist": ["CVE-2007-0972"], "lastseen": "2017-04-28T13:20:30"}], "exploitdb": [{"id": "EDB-ID:3311", "type": "exploitdb", "title": "Jupiter CMS 1.1.5 - Remote File Upload Exploit", "description": "Jupiter CMS 1.1.5 Remote File Upload Exploit. CVE-2007-0972. Webapps exploit for php platform", "published": "2007-02-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/3311/", "cvelist": ["CVE-2007-0972"], "lastseen": "2016-01-31T18:11:17"}]}}
