CVE-2007-5156
CVE-2007-5156
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/5618unverifiedcve_referencewww.exploit-db.com/exploits/5688unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://dev.fckeditor.net/changeset/973http://dev.fckeditor.net/ticket/1325http://downloads.securityfocus.com/vulnerabilities/exploits/30677.phphttp://secunia.com/advisories/27123http://secunia.com/advisories/27174http://securityreason.com/securityalert/3182https://exchange.xforce.ibmcloud.com/vulnerabilities/42425https://exchange.xforce.ibmcloud.com/vulnerabilities/42733https://exchange.xforce.ibmcloud.com/vulnerabilities/44455http://sourceforge.net/forum/forum.php?forum_id=743930http://sourceforge.net/project/shownotes.php?release_id=546000https://www.exploit-db.com/exploits/5618