CVE-2007-0370 - Vulnerability Details - OpenCVE

Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00301.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpbp	Phpbp

Configuration 1 [-]

cpe:2.3:a:phpbp:phpbp:rc3_2.204:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://osvdb.org/34762
https://exchange.xforce.ibmcloud.com/vulnerabilities/31619
https://www.exploit-db.com/exploits/3153

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-19T23:00:00

Updated: 2024-08-07T12:19:29.033Z

Reserved: 2007-01-19T00:00:00

Link: CVE-2007-0370

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-01-19T23:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0370

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "phpbp-banner-file-upload(31619)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31619"}, {"name": "3153", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3153"}, {"name": "34762", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34762"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0370", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "phpbp-banner-file-upload(31619)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31619"}, {"name": "3153", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3153"}, {"name": "34762", "refsource": "OSVDB", "url": "http://osvdb.org/34762"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:19:29.033Z"}, "title": "CVE Program Container", "references": [{"name": "phpbp-banner-file-upload(31619)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31619"}, {"name": "3153", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/3153"}, {"name": "34762", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/34762"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0370", "datePublished": "2007-01-19T23:00:00", "dateReserved": "2007-01-19T00:00:00", "dateUpdated": "2024-08-07T12:19:29.033Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpbp:phpbp:rc3_2.204:*:*:*:*:*:*:*", "matchCriteriaId": "84F85867-77D4-4CC5-92BA-D85CDA3CDF5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers."}, {"lang": "es", "value": "Vulnerabilidad de actualizaci\u00f3n de fichero no restrictiva en index.php en phpBP RC3 (2.204) y anteriores permiten a administradores remotos inyectar c\u00f3digo PHP de su elecci\u00f3n dentro del archivo upload/banners/ a trav\u00e9s de la operaci\u00f3n de a\u00f1adido de banners que actualizan el c\u00f3digo PHP a trav\u00e9s del par\u00e1metro image_form especificando un nombre de archivo de m\u00faltiples extensiones tales como .jpg.vil.gif.php, el cual es almacenado en upload/banners/ bajo un nombre diferente, y ejecutable a trav\u00e9s de una respuesta directa. NOTA: el asunto de inyecci\u00f3n SQL separado podr\u00eda estar apalancado hace esta vulnerabilidad accesible a trav\u00e9s de atacantes remotos no validados."}], "id": "CVE-2007-0370", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-19T23:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/34762"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31619"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3153"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/34762"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31619"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3153"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}