Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2007-0764

Published

17 years ago

Last Modified

6 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Share on Facebook
Share on LinkedIn
Share on Twitter

Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php..

CVSSv2.0 Score

Severity: Medium
Base Score: 6.5/10
Exploit Score: 8/10
Access Vector: Network
Access Complexity: Low
Authentication Required: Single
Impact Score: 6.4/10
Confidentiality Impact: Partial
Availability Impact: Partial
Integrity Impact: Partial

Products Affected

CPE	Affected	Vulnerable	Excluding	Edit
cpe:2.3:a:f3site:f3site:2.1:::::::*	Yes	-	-

References

http://osvdb.org/34669
https://exchange.xforce.ibmcloud.com/vulnerabilities/32189
https://www.exploit-db.com/exploits/3255