CVE-2007-1255

2007-03-0320:19:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.003

Percentile

69.5%

JSON

Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.

Affected configurations

Nvd

Node

connectixconnectix_boardsMatch0.4

connectixconnectix_boardsMatch0.4.1

connectixconnectix_boardsMatch0.4.2

connectixconnectix_boardsMatch0.4.3

connectixconnectix_boardsMatch0.4.4

connectixconnectix_boardsMatch0.5

connectixconnectix_boardsMatch0.5.1

connectixconnectix_boardsMatch0.5.2

connectixconnectix_boardsMatch0.5.3

connectixconnectix_boardsMatch0.5.4

connectixconnectix_boardsMatch0.5.5

connectixconnectix_boardsMatch0.6

connectixconnectix_boardsMatch0.6.1

connectixconnectix_boardsMatch0.7

VendorProductVersionCPE
connectixconnectix_boards0.4cpe:2.3:a:connectix:connectix_boards:0.4:*:*:*:*:*:*:*
connectixconnectix_boards0.4.1cpe:2.3:a:connectix:connectix_boards:0.4.1:*:*:*:*:*:*:*
connectixconnectix_boards0.4.2cpe:2.3:a:connectix:connectix_boards:0.4.2:*:*:*:*:*:*:*
connectixconnectix_boards0.4.3cpe:2.3:a:connectix:connectix_boards:0.4.3:*:*:*:*:*:*:*
connectixconnectix_boards0.4.4cpe:2.3:a:connectix:connectix_boards:0.4.4:*:*:*:*:*:*:*
connectixconnectix_boards0.5cpe:2.3:a:connectix:connectix_boards:0.5:*:*:*:*:*:*:*
connectixconnectix_boards0.5.1cpe:2.3:a:connectix:connectix_boards:0.5.1:*:*:*:*:*:*:*
connectixconnectix_boards0.5.2cpe:2.3:a:connectix:connectix_boards:0.5.2:*:*:*:*:*:*:*
connectixconnectix_boards0.5.3cpe:2.3:a:connectix:connectix_boards:0.5.3:*:*:*:*:*:*:*
connectixconnectix_boards0.5.4cpe:2.3:a:connectix:connectix_boards:0.5.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
connectix	connectix_boards	0.4	cpe:2.3:a:connectix:connectix_boards:0.4:::::::*
connectix	connectix_boards	0.4.1	cpe:2.3:a:connectix:connectix_boards:0.4.1:::::::*
connectix	connectix_boards	0.4.2	cpe:2.3:a:connectix:connectix_boards:0.4.2:::::::*
connectix	connectix_boards	0.4.3	cpe:2.3:a:connectix:connectix_boards:0.4.3:::::::*
connectix	connectix_boards	0.4.4	cpe:2.3:a:connectix:connectix_boards:0.4.4:::::::*
connectix	connectix_boards	0.5	cpe:2.3:a:connectix:connectix_boards:0.5:::::::*
connectix	connectix_boards	0.5.1	cpe:2.3:a:connectix:connectix_boards:0.5.1:::::::*
connectix	connectix_boards	0.5.2	cpe:2.3:a:connectix:connectix_boards:0.5.2:::::::*
connectix	connectix_boards	0.5.3	cpe:2.3:a:connectix:connectix_boards:0.5.3:::::::*
connectix	connectix_boards	0.5.4	cpe:2.3:a:connectix:connectix_boards:0.5.4:::::::*