CVE-2007-5156 moin

Metadata

medium
6.8
moin
CVE-2007-5156
2017-06-18 07:04
CVE-2007-5156 knowledgeroot
CVE-2007-5156
2017-06-16 18:48
2017-04-01 19:11
2017-01-05 20:17

Description

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
buster moin 1.5.8-4.1
jessie moin 1.5.8-4.1
sid moin 1.5.8-4.1
stretch moin 1.5.8-4.1
wheezy moin 1.5.8-4.1