← back
CVE-2007-6479

CVE-2007-6479

EPSS 1.6%
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/4753unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/28154https://exchange.xforce.ibmcloud.com/vulnerabilities/39148https://www.exploit-db.com/exploits/4753http://www.securityfocus.com/bid/26940