SimplePHPBlog img_upload_cgi.php Arbitrary File Upload Vulnerability

Bugtraq ID:	25747
Class:	Input Validation Error
CVE:	CVE-2007-5071
Remote:	Yes
Local:	No
Published:	Sep 20 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	Demential is credited with the discovery of this vulnerability.
Vulnerable:	SimplePHPBlog SimplePHPBlog 0.4.9
Not Vulnerable:

SimplePHPBlog img_upload_cgi.php Arbitrary File Upload Vulnerability

SimplePHPBlog is prone to an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this vulnerability to upload PHP script code and execute it in the context of the webserver process.

This issue affects SimplePHPBlog 0.4.9; other versions may also be affected.

SimplePHPBlog img_upload_cgi.php Arbitrary File Upload Vulnerability

Attackers can use a browser to exploit this issue.

SimplePHPBlog img_upload_cgi.php Arbitrary File Upload Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

SimplePHPBlog img_upload_cgi.php Arbitrary File Upload Vulnerability

References:

• SimplePHPBlog Homepage (SimplePHPBlog)
  
• SimplePHPBlog Hacking ([email protected])