CVE-2007-1255 - OpenCVE

Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Connectix	Connectix Boards

Configuration 1 [-]

OR	cpe:2.3:a:connectix:connectix_boards:0.4:::::::*
	cpe:2.3:a:connectix:connectix_boards:0.4.1:::::::*
	cpe:2.3:a:connectix:connectix_boards:0.4.2:::::::*
	cpe:2.3:a:connectix:connectix_boards:0.4.3:::::::*
	cpe:2.3:a:connectix:connectix_boards:0.4.4:::::::*
	cpe:2.3:a:connectix:connectix_boards:0.5:::::::*
	cpe:2.3:a:connectix:connectix_boards:0.5.1:::::::*
	cpe:2.3:a:connectix:connectix_boards:0.5.2:::::::*
	cpe:2.3:a:connectix:connectix_boards:0.5.3:::::::*
	cpe:2.3:a:connectix:connectix_boards:0.5.4:::::::*
	cpe:2.3:a:connectix:connectix_boards:0.5.5:::::::*
	cpe:2.3:a:connectix:connectix_boards:0.6:::::::*
	cpe:2.3:a:connectix:connectix_boards:0.6.1:::::::*
	cpe:2.3:a:connectix:connectix_boards:0.7:::::::*

No data.

References

Link	Providers
http://osvdb.org/33538
http://secunia.com/advisories/24255
http://securityreason.com/securityalert/2364
http://www.securityfocus.com/archive/1/460947/100/0/threaded
https://www.exploit-db.com/exploits/3352

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-03T20:00:00

Updated: 2024-08-07T12:50:35.015Z

Reserved: 2007-03-03T00:00:00

Link: CVE-2007-1255

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-03-03T20:19:00.000

Modified: 2018-10-16T16:37:38.157

Link: CVE-2007-1255

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-21T00:00:00", "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "24255", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24255"}, {"name": "2364", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2364"}, {"name": "33538", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33538"}, {"name": "20070221 Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/460947/100/0/threaded"}, {"name": "3352", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3352"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1255", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24255", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24255"}, {"name": "2364", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2364"}, {"name": "33538", "refsource": "OSVDB", "url": "http://osvdb.org/33538"}, {"name": "20070221 Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/460947/100/0/threaded"}, {"name": "3352", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3352"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:50:35.015Z"}, "title": "CVE Program Container", "references": [{"name": "24255", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24255"}, {"name": "2364", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2364"}, {"name": "33538", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/33538"}, {"name": "20070221 Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/460947/100/0/threaded"}, {"name": "3352", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/3352"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1255", "datePublished": "2007-03-03T20:00:00", "dateReserved": "2007-03-03T00:00:00", "dateUpdated": "2024-08-07T12:50:35.015Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:connectix:connectix_boards:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A5697238-ED12-40AF-87F5-42D5768800B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:connectix:connectix_boards:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BE38981D-9CF2-433E-8810-6030EC832105", "vulnerable": true}, {"criteria": "cpe:2.3:a:connectix:connectix_boards:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A2BC277-396B-4B8B-8263-162CBEFFF018", "vulnerable": true}, {"criteria": "cpe:2.3:a:connectix:connectix_boards:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "6AE0598A-10D0-458F-92F5-57920FF1CC55", "vulnerable": true}, {"criteria": "cpe:2.3:a:connectix:connectix_boards:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B55C55CA-8FE6-4544-B2BB-5492BED5D1F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:connectix:connectix_boards:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECA1DDA5-F74F-4E51-B773-B1D5963DBF1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:connectix:connectix_boards:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3009E669-72F1-4F78-901E-7252A3DC7D78", "vulnerable": true}, {"criteria": "cpe:2.3:a:connectix:connectix_boards:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B311CD0D-F28A-4828-9B95-706D14AC7331", "vulnerable": true}, {"criteria": "cpe:2.3:a:connectix:connectix_boards:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "4243ECCE-E2AF-400F-BC10-E5A80FCBFEE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:connectix:connectix_boards:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "4BA82EC7-07F8-4FB4-90CF-A8B5680E42EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:connectix:connectix_boards:0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "071809EB-CB31-434D-A973-2B8E395167C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:connectix:connectix_boards:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F117FB93-A4D9-46F0-A4CB-49183C66AAC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:connectix:connectix_boards:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "8F81D304-CF6F-4700-91E8-BAB3D80FAE0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:connectix:connectix_boards:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "777E612F-6B0D-403A-8117-A16EC7CE6F77", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks."}, {"lang": "es", "value": "Vulnerabilidad de actualizaci\u00f3n de archivos no restringido en admin.bbcode.php en Connectix Boards 0.7 y anteriores permite a administradores remotos validados ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de actualizaci\u00f3n de una imagen smiley GIF con un una extensi\u00f3n .php a trav\u00e9s del par\u00e1metro uploadimage en admin.php, lo cual podr\u00eda estar posteriormente accesible a trav\u00e9s de respuesta directa para el fichero en smileys/. NOTA: \t\r\nesto puede ser apalancado con una edici\u00f3n separada de inyecci\u00f3n SQL para ataques remotos no validados."}], "id": "CVE-2007-1255", "lastModified": "2018-10-16T16:37:38.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-03T20:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/33538"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/24255"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2364"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/460947/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3352"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}