CVE-2007-3429 | Vulnerability Database | Aqua Security

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.

Affected Software

Name	Vendor	Start Version	End Version
E107	E107	0.7 (including)	0.7 (including)
E107	E107	0.7.1 (including)	0.7.1 (including)
E107	E107	0.7.2 (including)	0.7.2 (including)
E107	E107	0.7.3 (including)	0.7.3 (including)
E107	E107	0.7.4 (including)	0.7.4 (including)
E107	E107	0.7.5 (including)	0.7.5 (including)
E107	E107	0.7.6 (including)	0.7.6 (including)
E107	E107	0.7.7 (including)	0.7.7 (including)
E107	E107	0.7.8 (including)	0.7.8 (including)

References

http://osvdb.org/45426
http://www.g00ns-forum.net/showthread.php?t=9388
http://www.securityfocus.com/bid/24609
https://exchange.xforce.ibmcloud.com/vulnerabilities/35022
https://www.exploit-db.com/exploits/4099
http://osvdb.org/45426
http://www.g00ns-forum.net/showthread.php?t=9388
http://www.securityfocus.com/bid/24609
https://exchange.xforce.ibmcloud.com/vulnerabilities/35022
https://www.exploit-db.com/exploits/4099

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-3429
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html