CVE Vulnerabilities

CVE-2007-1255

Published: Mar 03, 2007 | Modified: Oct 16, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.

Affected Software

Name Vendor Start Version End Version
Connectix_boards Connectix 0.5 0.5
Connectix_boards Connectix 0.4.2 0.4.2
Connectix_boards Connectix 0.4 0.4
Connectix_boards Connectix 0.4.3 0.4.3
Connectix_boards Connectix 0.7 0.7
Connectix_boards Connectix 0.5.4 0.5.4
Connectix_boards Connectix 0.5.3 0.5.3
Connectix_boards Connectix 0.5.1 0.5.1
Connectix_boards Connectix 0.6.1 0.6.1
Connectix_boards Connectix 0.5.2 0.5.2
Connectix_boards Connectix 0.4.4 0.4.4
Connectix_boards Connectix 0.4.1 0.4.1
Connectix_boards Connectix 0.5.5 0.5.5
Connectix_boards Connectix 0.6 0.6

References