CVE-2017-7402

🗓️ 03 Apr 2017 17:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 55 Views🌐 WEB

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via a POST request

Reporter	Title	Published	Views	Family All 8
0day.today	Pixie 1.0.4 - Arbitrary File Upload Vulnerability	4 Apr 201700:00	–	zdt
Cvelist	CVE-2017-7402	3 Apr 201717:00	–	cvelist
Exploit DB	Pixie 1.0.4 - Arbitrary File Upload	2 Apr 201700:00	–	exploitdb
EUVD	EUVD-2017-16426	7 Oct 202500:30	–	euvd
exploitpack	Pixie 1.0.4 - Arbitrary File Upload	2 Apr 201700:00	–	exploitpack
NVD	CVE-2017-7402	3 Apr 201717:59	–	nvd
Packet Storm	Pixie 1.0.4 Shell Upload	2 Apr 201700:00	–	packetstorm
Prion	Design/Logic Flaw	3 Apr 201717:59	–	prion

NVD

Node

Source	Link
exploit-db	www.exploit-db.com/exploits/41784/
rungga	www.rungga.blogspot.co.id/2017/04/remote-file-upload-vulnerability-in.html

Parameter	Position	Path	Description	CWE
upload[]	request body	pixie_v1.04/admin/index.php?s=publish&x=filemanager	Pixie 1.0.4 allows uploading a PHP file by renaming the file to a double extension (e.g., .jpg.php) and then executing it via the uploaded payload.	CWE-94
Content-Type	request body	pixie_v1.04/admin/index.php?s=publish&x=filemanager	Pixie 1.0.4 allows uploading a PHP file by renaming the file to a double extension (e.g., .jpg.php) and then executing it via the uploaded payload.	CWE-94
filename	request body	pixie_v1.04/admin/index.php?s=publish&x=filemanager	Pixie 1.0.4 allows uploading a PHP file by renaming the file to a double extension (e.g., .jpg.php) and then executing it via the uploaded payload.	CWE-94

13 May 2026 00:24Current

9.3High risk

Vulners AI Score9.3

CVSS 27.5

CVSS 39.8

EPSS0.09321