2 matches found
CVE-2007-1139
CVE-2007-1139 describes an unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP). The flaw allows remote attackers to upload arbitrary scripts by using a filename with a double extension, enabling potential code execution or defacement on the affected server. The NVD entr...
CVE-2007-1138
CVE-2007-1138 affects Cromosoft Simple Plantilla PHP (SPP). A vulnerability in list_main_pages.php allows absolute path traversal via the nfolder parameter, enabling remote attackers to list arbitrary directories and read arbitrary files. The issue is rooted in an improper handling of absolute pa...